An Iterative Alert Correlation Method for Extracting Network Intrusion Scenarios
عنوان مقاله: An Iterative Alert Correlation Method for Extracting Network Intrusion Scenarios
شناسه ملی مقاله: ICEE20_285
منتشر شده در بیستمین کنفرانس مهندسی برق ایران در سال 1391
شناسه ملی مقاله: ICEE20_285
منتشر شده در بیستمین کنفرانس مهندسی برق ایران در سال 1391
مشخصات نویسندگان مقاله:
Reza Anbarestani - University, Qazvin Branch
Behzad Akbari - Modares University, Tehran
Fariba Fathi - University, Qazvin Branch,
خلاصه مقاله:
Reza Anbarestani - University, Qazvin Branch
Behzad Akbari - Modares University, Tehran
Fariba Fathi - University, Qazvin Branch,
Alert correlation aims to provide an abstract and high-level view of environment security state, as one can extract attack strategies from raw intrusion alerts. Mostexisting alert correlation approaches depend on either expert knowledge or predefined patterns for detecting complex attack steps. In this paper we provide a Bayesian network based alertcorrelation approach that is able to discover attack strategies without need to expert knowledge. The main goal of this workis extracting attack scenarios, with taking into account the sequence of actions. We also try to eliminate redundantrelationships in a detected attack scenario. The experimental evaluation using the well-known DARPA 2000 data set shows the efficiency of our proposed approach in extracting theintrusion scenarios
کلمات کلیدی: Alert Correlation, Intrusion Detection, Bayesian Networks, Network Security
صفحه اختصاصی مقاله و دریافت فایل کامل: https://civilica.com/doc/154498/