An iterative alert correlation method for extracting network intrusion scenarios

Authors: R. Anbarestani, B. Akbari, F. Fathi
Venue: 20th Iranian Conference on Electrical Engineering (ICEE2012)
Publication date: 2012-05-15
DOI: 10.1109/IRANIANCEE.2012.6292441 (https://doi.org/10.1109/IRANIANCEE.2012.6292441)
Citation count: 13 (Semantic Scholar)

Abstract
Alert correlation aims to provide an abstract, high-level view of the security state of an environment, since attack strategies can be extracted from raw intrusion alerts. Most existing alert correlation approaches depend on either expert knowledge or predefined patterns to detect complex attack steps. In this paper we present a Bayesian-network-based alert correlation approach that is able to discover attack strategies without the need for expert knowledge. The main goal of this work is to extract attack scenarios while taking the sequence of actions into account. We also try to eliminate redundant relationships in a detected attack scenario. An experimental evaluation on the well-known DARPA 2000 data set shows the efficiency of the proposed approach in extracting intrusion scenarios.