Real-Time Alert Correlation with Type Graphs

Cited by: 0
Authors
Tedesco, Gianni [1]
Aickelin, Uwe [1]
Affiliations
[1] Univ Nottingham, Sch Comp Sci, Nottingham NG8 1BB, England
DOI
None
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
摘要
The premise of automated alert correlation is to accept that false alerts from a low-level intrusion detection system are inevitable, and to use attack models to explain the output in an understandable way. Several algorithms exist for this purpose which use attack graphs to model the ways in which attacks can be combined. These algorithms can be classified into two broad categories: scenario-graph approaches, which create an attack model starting from a vulnerability assessment, and type-graph approaches, which rely on an abstract model of the relations between attack types. Some research into improving the efficiency of type-graph correlation has been carried out, but this research has ignored the hypothesizing of missing alerts. Our work presents a novel type-graph algorithm which unifies correlation and hypothesizing into a single operation. Our experimental results indicate that the approach is extremely efficient in the face of intensive alert streams and produces compact output graphs comparable to those of other techniques.
Pages: 173 / 187
Page count: 15