A novel technique of recognizing multi-stage attack behaviour

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Wang Li Articles by Li Zhi-tang Articles by Wang Qi-hong

2006 International Workshop on Networking, Architecture, and Storages (IWNAS'06)

Shenyang, China

August 01-August 03

ISBN: 0-7695-2651-9

	ASCII Text	x
	Wang Li, Li Zhi-tang, Wang Qi-hong, "A novel technique of recognizing multi-stage attack behaviour," Networking, Architecture, and Storages, International Workshop on, pp. 188-193, 2006 International Workshop on Networking, Architecture, and Storages (IWNAS'06), 2006.

	BibTex	x
	@article{ 10.1109/IWNAS.2006.11, author = {Wang Li and Li Zhi-tang and Wang Qi-hong}, title = {A novel technique of recognizing multi-stage attack behaviour}, journal ={Networking, Architecture, and Storages, International Workshop on}, volume = {0}, year = {2006}, isbn = {0-7695-2651-9}, pages = {188-193}, doi = {http://doi.ieeecomputersociety.org/10.1109/IWNAS.2006.11}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Networking, Architecture, and Storages, International Workshop on TI - A novel technique of recognizing multi-stage attack behaviour SN - 0-7695-2651-9 SP188 EP193 A1 - Wang Li, A1 - Li Zhi-tang, A1 - Wang Qi-hong, PY - 2006 KW - null VL - 0 JA - Networking, Architecture, and Storages, International Workshop on ER -

Wang Li, Huazhong university of science and technology, Hubei Wuhan 430074, China

Li Zhi-tang, Huazhong university of science and technology, Hubei Wuhan 430074, China

Wang Qi-hong, Huazhong university of science and technology, Hubei Wuhan 430074, China

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IWNAS.2006.11

Since security audit data increased so dramatically, management and analysis of these security data become a critical and challenge issue. SATA (Security Alerts and Threat Analysis project) aims at analyzing the security events and detecting the security threat. In this paper, we proposed a novel method of constructing attack scenarios model in order to recognize multi-stage attack behaviour and predict potential attack steps of the attacker. Our method based on statistical method using the feature of time consecution association of contextual attack steps. Besides, we proposed a new method of computing the correlativity between two contextual attacks which enhances the correlation-ship of the attack scenarios model and ensures the accuracy of the final correlation result. The idea is easy to implement and it can be used to detect novel multi-stage attacks. Experiment shows that our method is effective and feasible.

Citation:

Wang Li, Li Zhi-tang, Wang Qi-hong, "A novel technique of recognizing multi-stage attack behaviour," iwnas, pp.188-193, 2006 International Workshop on Networking, Architecture, and Storages (IWNAS'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.