Two-Stage Algorithm for Correlating the Intrusion Alerts
1
Authors: WANG Liang-min, MA Jian-feng. Wuhan University Journal of Natural Sciences (EI, CAS), 2005, Issue 1, pp. 89-92 (4 pages)
To solve the problem of alert flooding and information semantics in the existing Intrusion Detection System (IDS), we present a two-stage algorithm for correlating the alerts. In the first stage, the high-level alerts are integrated by using the Chronicle patterns based on time intervals, which describe and match the alerts with the temporal time constraints of an input sequence. In the second stage, the preparing relationship between the high-level alerts is defined, which is applied to correlate the high-level alerts, and the attack scenario is constructed by drawing the attack graph. In the end, a given example shows the performance of this two-stage correlation algorithm in decreasing the number and improving the information semantics of the intrusion alerts produced by the IDS.
Keywords: intrusion detection; alert correlation; partial ordering
A graph based system for multi-stage attacks recognition
2
Author: Safaa O. Al-Mamory. High Technology Letters (EI, CAS), 2008, Issue 2, pp. 167-173 (7 pages)
Building attack scenarios is one of the most important aspects in network security. This paper proposed a system which collects intrusion alerts, clusters them as sub-attacks using alerts abstraction, aggregates the similar sub-attacks, and then correlates and generates correlation graphs. The scenarios were represented by alert classes instead of alerts themselves so as to reduce the required rules and have the ability of detecting new variations of attacks. The proposed system is capable of passing some of the missed attacks. To evaluate system effectiveness, it was tested with different datasets which contain multi-step attacks. Compressed and easily understandable correlation graphs which reflect attack scenarios were generated. The proposed system can correlate related alerts, uncover the attack strategies, and detect new variations of attacks.
Keywords: network security; intrusion detection; alert correlation; attack graph; scenario; clustering