Building Scenario Graph Using Clustering
Safaa Obais Mahdi Al-Mamory, 6/12/2011 7:08:58 AM
Safaa O. Al-Mamory, School of Computer Science, Harbin Institute of Technology, Harbin, China, Safaa_vb@yahoo.com

Hong Li Zhang, School of Computer Science, Harbin Institute of Technology, Harbin, China, zhl@pact518.hit.edu.cn

Abstract:

The increasing use of Network Intrusion Detection Systems (NIDSs), combined with a relatively high false alert rate, can lead to a huge volume of alerts. This makes it very difficult for security analysts to detect long-running attacks. In this paper, we propose a system that represents a set of alerts as subattacks, then correlates these subattacks and generates abstracted scenario graphs (SGs) that reflect attack scenarios. We conducted experiments using Snort as the NIDS with different datasets that contain multistep attacks. The resulting compressed SGs show that our method can correlate related alerts, uncover attack strategies, and detect new variations of attacks.

   
Introduction:

When a NIDS detects a set of attacks, it generates many alerts that refer to security breaches. Unfortunately, the NIDS cannot deduce anything from these separate attacks, so alert correlation is an important solution for linking separate attacks, giving alerts another meaning, and inferring attack scenarios. Alert correlation and analysis are critical tasks in security management. Recently, several techniques and approaches have been proposed to correlate and analyze security alerts; most of them focus on the aggregation and analysis of raw security alerts and on building attack scenarios. An interesting method is the work of Ning et al. [1]. They proposed an alert correlation model based on the observation that most intrusions consist of many stages, with the early stages preparing for the later ones. They collected alerts from a NIDS, correlated them off-line, and tried to draw a big picture (through SGs) of what happens in the monitored network. However, there are some shortcomings.
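As an added illustration (not code from the paper), the following Python sketch walks through the two steps the abstract describes: folding repeated alerts into subattacks, then linking subattacks into a scenario graph using a prerequisite/consequence table in the style of Ning et al. [1]. The Snort-style alerts, the signature names and the MODEL table are all constructed for this example.

```python
from collections import OrderedDict

# Constructed Snort-style alerts (signature, attacker, victim, timestamp);
# sample data for illustration, not taken from the paper's datasets.
ALERTS = [
    {"id": 1, "sig": "ICMP ping sweep", "src": "10.0.0.5", "dst": "10.0.0.9", "ts": 100},
    {"id": 2, "sig": "ICMP ping sweep", "src": "10.0.0.5", "dst": "10.0.0.9", "ts": 102},
    {"id": 3, "sig": "TCP port scan", "src": "10.0.0.5", "dst": "10.0.0.9", "ts": 130},
    {"id": 4, "sig": "TCP port scan", "src": "10.0.0.5", "dst": "10.0.0.9", "ts": 131},
    {"id": 5, "sig": "service exploit attempt", "src": "10.0.0.5", "dst": "10.0.0.9", "ts": 400},
    {"id": 6, "sig": "TCP port scan", "src": "10.0.0.7", "dst": "10.0.0.9", "ts": 410},
]

# Hypothetical prerequisite/consequence table (the knowledge base that a
# Ning-style correlator relies on): signature -> (predicates it needs,
# predicates it establishes on the victim).
MODEL = {
    "ICMP ping sweep": (set(), {"host_alive"}),
    "TCP port scan": ({"host_alive"}, {"service_known"}),
    "service exploit attempt": ({"service_known"}, {"host_compromised"}),
}

def cluster_subattacks(alerts):
    """Fold repeated alerts with the same (signature, attacker, victim) into one subattack."""
    groups = OrderedDict()
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["sig"], a["src"], a["dst"])
        if key not in groups:
            groups[key] = {"sig": a["sig"], "src": a["src"], "dst": a["dst"],
                           "alerts": [], "first": a["ts"], "last": a["ts"]}
        groups[key]["alerts"].append(a["id"])
        groups[key]["last"] = a["ts"]
    return list(groups.values())

def build_scenario_graph(subattacks):
    """Edge u -> v when a consequence of u satisfies a prerequisite of v, both
    involve the same attacker/victim pair, and u started before v."""
    edges = []
    for i, u in enumerate(subattacks):
        for j, v in enumerate(subattacks):
            if i == j or (u["src"], u["dst"]) != (v["src"], v["dst"]):
                continue
            gives_u = MODEL.get(u["sig"], (set(), set()))[1]
            needs_v = MODEL.get(v["sig"], (set(), set()))[0]
            if u["first"] < v["first"] and gives_u & needs_v:
                edges.append((i, j))
    return edges

def scenario_summary(alerts):
    """Return (number of subattack nodes, edges as (from_sig, to_sig))."""
    subs = cluster_subattacks(alerts)
    return len(subs), [(subs[i]["sig"], subs[j]["sig"]) for i, j in build_scenario_graph(subs)]
```

Six raw alerts collapse into four subattack nodes, and only the chain from the single attacker 10.0.0.5 is linked; the unrelated scan from 10.0.0.7 stays an isolated node.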
