从入侵警报自动识别攻击计划

Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007) Pub Date : 2007-07-30 DOI:10.1109/SNPD.2007.396

Li Wang, Zhitang Li, Jie Ma, Yang-ming Ma, Aifang Zhang

{"title":"从入侵警报自动识别攻击计划","authors":"Li Wang, Zhitang Li, Jie Ma, Yang-ming Ma, Aifang Zhang","doi":"10.1109/SNPD.2007.396","DOIUrl":null,"url":null,"abstract":"The amount of security application products connected to the Internet increased so dramatically that they usually generate huge volumes of security audit data. Therefore, it is important to develop an advanced alert correlation system that can reduce data redundancy and provide effective direction. This paper describes the framework, SATA, for Security Alerts and Threats analysis. Using SATA, raw audit data is firstpreprocessed into hi-alerts, which are refined and verified as true threat. We further analyze the correlation-ship of real-time hi-alerts to achieve the goal of online attack plan recognition. A key contribution of the paper is thus in automatic \"multistage attack plan recognition\". It also solves the problem of detecting novel multi-stage attacks. Experiment shows our approach can effectively correlate multi-stage attack behaviors and identify true attack threats.","PeriodicalId":197058,"journal":{"name":"Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)","volume":"26 9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Automatic attack plan recognition from intrusion alerts\",\"authors\":\"Li Wang, Zhitang Li, Jie Ma, Yang-ming Ma, Aifang Zhang\",\"doi\":\"10.1109/SNPD.2007.396\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The amount of security application products connected to the Internet increased so dramatically that they usually generate huge volumes of security audit data. Therefore, it is important to develop an advanced alert correlation system that can reduce data redundancy and provide effective direction. This paper describes the framework, SATA, for Security Alerts and Threats analysis. Using SATA, raw audit data is firstpreprocessed into hi-alerts, which are refined and verified as true threat. We further analyze the correlation-ship of real-time hi-alerts to achieve the goal of online attack plan recognition. A key contribution of the paper is thus in automatic \\\"multistage attack plan recognition\\\". It also solves the problem of detecting novel multi-stage attacks. Experiment shows our approach can effectively correlate multi-stage attack behaviors and identify true attack threats.\",\"PeriodicalId\":197058,\"journal\":{\"name\":\"Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)\",\"volume\":\"26 9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-07-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SNPD.2007.396\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SNPD.2007.396","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

连接到Internet的安全应用产品数量急剧增加，通常会产生大量的安全审计数据。因此，开发一种先进的预警关联系统，减少数据冗余，提供有效的指导是非常重要的。本文描述了用于安全警报和威胁分析的框架SATA。使用SATA，原始审计数据首先被预处理成高警报，这些警报被提炼并验证为真正的威胁。我们进一步分析了实时高警报的相关性，以实现在线攻击计划识别的目标。因此，本文的一个关键贡献是自动“多阶段攻击计划识别”。同时也解决了新型多阶段攻击的检测问题。实验表明，该方法能够有效地关联多阶段攻击行为，识别真实的攻击威胁。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Automatic attack plan recognition from intrusion alerts

The amount of security application products connected to the Internet increased so dramatically that they usually generate huge volumes of security audit data. Therefore, it is important to develop an advanced alert correlation system that can reduce data redundancy and provide effective direction. This paper describes the framework, SATA, for Security Alerts and Threats analysis. Using SATA, raw audit data is firstpreprocessed into hi-alerts, which are refined and verified as true threat. We further analyze the correlation-ship of real-time hi-alerts to achieve the goal of online attack plan recognition. A key contribution of the paper is thus in automatic "multistage attack plan recognition". It also solves the problem of detecting novel multi-stage attacks. Experiment shows our approach can effectively correlate multi-stage attack behaviors and identify true attack threats.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)

自引率

0.00%

发文量

期刊最新文献

An RBF Network Based Beamformer for Mimo Wireless Communication Systems Tailoring Software Evolution Process Communication Optimization Algorithms based on Extend Data Flow Graph Improving Blind Equalization Algorithm for Wireless Communication Systems Speech Enhancement Employing Modified a Priori SNR Estimation