A Multi-step Attack Recognition and Prediction Method Via Mining Attacks Conversion Frequencies

Authors: MAN Da-peng, LI Xue-zhen, YANG Wu, WANG Wei, XUAN Shi-chang

Journal: International Journal of Wireless and Microwave Technologies (IJWMT)

Published in issue: 2, Vol. 2, 2012.

Free access

The massive number of security alerts produced by safety equipment makes it necessary to recognize and predict multi-step attacks. In this paper, a novel method of recognizing and predicting multi-step attacks is proposed. It calculates attack conversion frequencies and then mines the multi-step attack sequences. On this basis, it dynamically matches new alert sequences, recognizes the multi-step attacks, and predicts the next attack step. The experimental results show that the proposed method is effective and accurate.

Network security, multi-step attack, alert correlation, attack conversion frequencies

Short URL: https://sciup.org/15012795

IDR: 15012795

Scientific article