Networking, Architecture, and Storages, International Workshop on (2006)
Aug. 1, 2006 to Aug. 3, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IWNAS.2006.11
Wang Li, Huazhong University of Science and Technology, Hubei Wuhan 430074, China
Li Zhi-tang, Huazhong University of Science and Technology, Hubei Wuhan 430074, China
Wang Qi-hong, Huazhong University of Science and Technology, Hubei Wuhan 430074, China
As the volume of security audit data has increased dramatically, the management and analysis of this data has become a critical and challenging issue. SATA (the Security Alerts and Threat Analysis project) aims at analyzing security events and detecting security threats. In this paper, we propose a novel method of constructing an attack scenario model in order to recognize multi-stage attack behaviour and predict the attacker's potential attack steps. Our method is statistical and uses the association in time sequence between contextual attack steps. In addition, we propose a new method of computing the correlativity between two contextual attacks, which strengthens the correlations in the attack scenario model and ensures the accuracy of the final correlation result. The idea is easy to implement and can be used to detect novel multi-stage attacks. Our experiment shows that the method is effective and feasible.
W. Li, W. Qi-hong and L. Zhi-tang, "A novel technique of recognizing multi-stage attack behaviour," 2006 International Workshop on Networking, Architecture, and Storage (IWNAS), Shenyang, 2006, pp. 188-193.