{"title":"Multistep attacks extraction using compiler techniques","authors":"S. Al-Mamory, Hongli Zhang","doi":"10.1109/HSPR.2008.4734441","DOIUrl":null,"url":null,"abstract":"The intrusion detection system (IDS) is a security technology that attempts to identify network intrusions. Defending against multistep intrusions which prepare for each other is a challenging task. In this paper, alerts classified into predefined classes. Then, the context-free grammar (CFG) was used to describe the multistep attacks using alerts classes. Based on the CFGs, the modified LR parser was recruited to generate the parse trees of the scenarios presented in the alerts. The experiments were performed on two different sets of network traffic traces, using different open-source and commercial IDSs. The detected scenarios are represented by correlation graphs (CGs). The experimental results show that the CFG can describe multistep attacks explicitly and the modified LR parser, based on the CFG, can construct scenarios successfully.","PeriodicalId":130484,"journal":{"name":"2008 International Conference on High Performance Switching and Routing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on High Performance Switching and Routing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HSPR.2008.4734441","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
Abstract
The intrusion detection system (IDS) is a security technology that attempts to identify network intrusions. Defending against multistep intrusions, in which each step prepares for the next, is a challenging task. In this paper, alerts are classified into predefined classes. A context-free grammar (CFG) is then used to describe multistep attacks in terms of these alert classes. Based on the CFGs, a modified LR parser is employed to generate the parse trees of the attack scenarios present in the alerts. The experiments were performed on two different sets of network traffic traces, using different open-source and commercial IDSs. The detected scenarios are represented by correlation graphs (CGs). The experimental results show that a CFG can describe multistep attacks explicitly and that the modified LR parser, driven by the CFG, can construct the attack scenarios successfully.