Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)
Automatic attack plan recognition from intrusion alerts
Haier International Training Center, Qingdao, China
July 30-August 01
ISBN: 0-7695-2909-7
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SNPD.2007.396
Abstract:
The number of security products connected to the Internet has grown so dramatically that they generate huge volumes of security audit data. It is therefore important to develop an advanced alert correlation system that can reduce data redundancy and provide effective direction to analysts. This paper describes SATA, a framework for Security Alerts and Threats Analysis. In SATA, raw audit data is first preprocessed into hi-alerts, which are then refined and verified as true threats. We further analyze the correlation relationships among real-time hi-alerts to achieve online attack plan recognition. A key contribution of the paper is thus automatic "multi-stage attack plan recognition", which also addresses the problem of detecting novel multi-stage attacks. Experiments show that our approach can effectively correlate multi-stage attack behaviors and identify true attack threats.
Index Terms:
Attack Plan Recognition, Attack Sequence Analysis, Hi-alert Correlation
Citation:
Wang Li, Li Zhi-tang, Ma Jie, Ma Yang-ming, Zhang Ai-fang, "Automatic attack plan recognition from intrusion alerts," SNPD, vol. 3, pp. 1170-1175, Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007), 2007.
