A realistic graph-based alert correlation system

被引:28
作者
Ben Fredj, Ouissem [1 ]
机构
[1] Taif Univ, At Taif, Saudi Arabia
来源
SECURITY AND COMMUNICATION NETWORKS | 2015年 / 8卷 / 15期
关键词
security; correlation; attack graph; Markov chain;
D O I
10.1002/sec.1190
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This paper introduces a graph-based attack description that comes with different analysis methods for alert correlation. The system encompasses an attack scenario detection method, an alert correlation method that recognizes multistep attacks, and graph-based classification method to extract different types of alerts. The performance analysis shows that the system can correlate a huge number of alerts (more than 442000 alerts) into a dozens of attack graphs. The attack graph has permitted us to extract several attack properties with high precision. Copyright (c) 2015 John Wiley & Sons, Ltd.
引用
收藏
页码:2477 / 2493
页数:17
相关论文
共 32 条
[1]   A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs [J].
Ahmadinejad, Seyed Hossein ;
Jalili, Saeed ;
Abadi, Mandi .
COMPUTER NETWORKS, 2011, 55 (09) :2221-2240
[2]  
AKERS SB, 1978, IEEE T COMPUT, V27, P509, DOI 10.1109/TC.1978.1675141
[3]  
Andersen H.R., 1999, LECT NOTES
[4]  
[Anonymous], 2004, NDSS
[5]  
[Anonymous], 2001, INT WORKSH REC ADV I
[6]  
[Anonymous], 2001, Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, RAID'00, DOI 10.1007/3-540-45474-86
[7]   Alarm reduction and correlation in defence of IP networks [J].
Chyssler, T ;
Nadjm-Tehrani, S ;
Burschka, S ;
Burbeck, K .
THIRTEENTH IEEE INTERNATIONAL WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES, PROCEEDINGS, 2004, :229-234
[8]  
Cuppens F, 2002, P IEEE S SECUR PRIV, P202, DOI 10.1109/SECPRI.2002.1004372
[9]  
DAIN O, 2002, IEEE T SYSTEMS MAN C
[10]  
DEBAR H, 2007, 4765 IETF RFC
1234