Go home now Header Background Image
Search
Submission Procedure
share: |
Special Issues
Submission Procedure
Aims and Scope
Board of Editors
What's New
 
Follow us
 
Articles by Topics
Articles by Author
Geographical Mashup
List of Topics
 
Printed Publications
 
Volume 26 (2020)
Volume 25 (2019)
Volume 24 (2018)
Volume 23 (2017)
Volume 22 (2016)
Volume 21 (2015)
Volume 20 (2014)
Volume 19 (2013)
Volume 18 (2012)
Volume 17 (2011)
Volume 16 (2010)
Volume 15 (2009)
Volume 14 (2008)
Volume 13 (2007)
Volume 12 (2006)
Volume 11 (2005)
Issue 1
Issue 2
Issue 3
Issue 4
Issue 5
Issue 6
Issue 7
Issue 8
Issue 9
Issue 10
Issue 11
Issue 12
Volume 10 (2004)
Volume 9 (2003)
Volume 8 (2002)
Volume 7 (2001)
Volume 6 (2000)
Volume 5 (1999)
Volume 4 (1998)
Volume 3 (1997)
Volume 2 (1996)
Volume 1 (1995)
Volume 0 (1994)
 
Collection of other papers
Volume 11 / Issue 8

available in:   PDF (336 kB) PS (457 kB)
 
get:  
Similar Docs BibTeX   Write a comment
  
get:  
Links into Future
 
DOI:   10.3217/jucs-011-08-1367

 

Network Attack Scenarios Extraction and Categorization by Mining IDS Alert Streams

Wei Yan (New Jersey Institute of Technology, USA)

Abstract: The past few years have witnessed significant increase in DDoS attacks on Internet, prompting network security as a great concern. With the attacks getting more sophisticated, automatically reasoning the attack scenarios in real time and categorizing those scenarios become a critical challenge. However,the overwhelming flow of events generated by Intrusion Detection System (IDS) sensors make it hard for security administrators to uncover hidden attack plans. This paper presents a semantic vector space model to extract and categorize attack scenarios based on First-order Logics (FOL) and linguistics. The modified Case Grammar is introduced to formalize the heterogeneous IDS alerts into uniform structured alert streams. The attack resolution is then used to generate attack semantic network. Afterwards, mutual information is used to determine the alert semantic context range. Based on the attack ontology and alert contexts, attack scenarios are extracted and the alerts are represented as attack semantic space vectors. Finally text categorization technique are used to categorize the intrusion stages. The preliminary results show our model has better performance than the traditional alert correlations.

Keywords: first-order logics, intrusion detection, network security,, resolution

Categories: I.2.4