IJWMT Vol. 2, No. 2, 15 Apr. 2012
Full Text (PDF, 977KB), PP.20-25
Keywords: Network security, multi-step attack, alert correlation, attack conversion frequencies
The massive volume of security alerts produced by security devices makes it necessary to recognize and predict multi-step attacks. This paper proposes a novel method for recognizing and predicting multi-step attacks. It first calculates attack conversion frequencies (how often one attack step is followed by another) and then mines multi-step attack sequences from them. On this basis, it dynamically matches newly arriving alert sequences against the mined sequences, recognizes the multi-step attacks in progress, and predicts the next attack step. Experimental results show that the proposed method is effective and accurate.
MAN Da-peng, LI Xue-zhen, YANG Wu, WANG Wei, XUAN Shi-chang, "A Multi-step Attack Recognition and Prediction Method Via Mining Attacks Conversion Frequencies", IJWMT, vol. 2, no. 2, pp. 20-25, 2012. DOI: 10.5815/ijwmt.2012.02.04