
Multistep Attacks Extraction Using Compiler Techniques

Safaa Obeis Mahdi Al-Mamory 6/12/2011 7:37:28 AM


Safaa O. Al-Mamory, ZHANG Hongli
School of Computer Science, Harbin Institute of Technology, Harbin, China

safaa_vb@yahoo.com, zhl@pact518.hit.edu.cn


 
Abstract :-

 
An intrusion detection system (IDS) is a security technology that attempts to identify network intrusions. Defending against multistep intrusions, whose steps prepare for one another, is a challenging task. In this paper, alerts are classified into predefined classes. A Context-Free Grammar (CFG) is then used to describe multistep attacks in terms of these alert classes. Based on the CFGs, a modified LR parser is used to generate the parse trees of the scenarios present in the alerts. The experiments were performed on two different sets of network traffic traces, using different open-source and commercial IDSs. The detected scenarios are represented by Correlation Graphs (CGs). The experimental results show that the CFG can describe multistep attacks explicitly and that the modified LR parser, based on the CFG, can construct scenarios successfully.
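
The pipeline summarized in the abstract (classify alerts, parse the class sequence against a CFG, emit a correlation graph) can be sketched as follows. This is an added example, not code from the paper: the alert classes, signature names, grammar and sample alerts are all constructed assumptions, a small backtracking recursive-descent parser stands in for the paper's modified LR parser, and the correlation graph is reduced to a chain of time-ordered edges between alert ids.

```python
from collections import defaultdict

# Assumed mapping from IDS signature name to alert class (the grammar's terminals).
CLASS_OF = {"ICMP PING SWEEP": "scan", "TCP PORTSCAN": "scan",
            "RPC OVERFLOW": "exploit", "RSH LOGIN": "access",
            "TROJAN INSTALL": "install", "DDOS FLOOD": "dos"}
# Assumed CFG: keys are nonterminals, every other symbol is an alert class.
GRAMMAR = {
    "Scenario": [["Recon", "Breakin", "Goal"]],
    "Recon":    [["scan", "Recon"], ["scan"]],
    "Breakin":  [["exploit", "access"], ["exploit"]],
    "Goal":     [["install", "dos"], ["install"], ["dos"]],
}

def parse(symbol, tokens, pos):
    """Yield (tree, next_pos) for each way symbol derives tokens[pos:next_pos]."""
    if symbol not in GRAMMAR:                  # terminal: match one alert class
        if pos < len(tokens) and tokens[pos][0] == symbol:
            yield (symbol, tokens[pos][1]), pos + 1
        return
    for production in GRAMMAR[symbol]:
        partial = [([], pos)]                  # (children so far, position)
        for part in production:
            partial = [(kids + [tree], nxt) for kids, p in partial
                       for tree, nxt in parse(part, tokens, p)]
        for kids, nxt in partial:
            yield (symbol, kids), nxt

def extract_scenarios(alerts):
    """Return {target: (parse_tree, correlation_edges)} for complete scenarios."""
    by_target = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["time"]):
        if a["sig"] in CLASS_OF:               # unclassified alerts are ignored
            by_target[a["dst"]].append((CLASS_OF[a["sig"]], a["id"]))
    found = {}
    for dst, tokens in by_target.items():
        ids = [alert_id for _, alert_id in tokens]
        for tree, end in parse("Scenario", tokens, 0):
            if end == len(tokens):             # the whole sequence must be derived
                found[dst] = (tree, list(zip(ids, ids[1:])))  # chain of alert ids
                break
    return found

# Constructed sample alerts (id, time, signature, target); not real traffic.
ALERTS = [dict(zip(("id", "time", "sig", "dst"), row)) for row in [
    (1, 10, "ICMP PING SWEEP", "10.0.0.5"), (2, 12, "TCP PORTSCAN", "10.0.0.5"),
    (3, 15, "TCP PORTSCAN", "10.0.0.9"), (4, 20, "RPC OVERFLOW", "10.0.0.5"),
    (5, 25, "RSH LOGIN", "10.0.0.5"), (6, 30, "TROJAN INSTALL", "10.0.0.5"),
    (7, 31, "HTTP 404", "10.0.0.5")]]
```

On the sample alerts, only the target 10.0.0.5 yields a complete scenario; the lone scan against 10.0.0.9 matches `Recon` but cannot be extended to a full `Scenario`, so it is not reported.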
 
   
Introduction:-

 
The study of IDSs has become an important aspect of network security. When an IDS detects a set of attacks, it generates many alerts referring to security breaches. Unfortunately, the IDS cannot deduce anything from these separate attacks. As a result, alert correlation is an important solution for linking separate attacks, giving alerts additional meaning, and inferring attack scenarios. The function of alert correlation is to find the logical relationships among the alerts. Attackers are likely to launch a series of attacks against their targets, and intelligent hackers are more likely to disguise their real purpose by launching many other minor attacks. Alert correlation links alerts on the basis of these logical relationships, which gives security analysts great insight into where the initial attacks came from and where they actually end up.


 