Network Attack Scenarios Extraction and Categorization by Mining IDS Alert Streams
Authors
Yan, Wei
Publisher
Journal of Universal Computer Science
Abstract
The past few years have witnessed a significant increase in DDoS attacks on the Internet, making network security a major concern. As attacks grow more sophisticated, automatically reasoning about attack scenarios in real time and categorizing those scenarios has become a critical challenge. However, the overwhelming flow of events generated by Intrusion Detection System (IDS) sensors makes it hard for security administrators to uncover hidden attack plans. This paper presents a semantic vector space model to extract and categorize attack scenarios based on First-order Logic (FOL) and linguistics. A modified Case Grammar is introduced to formalize heterogeneous IDS alerts into uniform, structured alert streams. Attack resolution is then used to generate an attack semantic network. Afterwards, mutual information is used to determine the semantic context range of each alert. Based on the attack ontology and alert contexts, attack scenarios are extracted and the alerts are represented as vectors in the attack semantic space. Finally, text categorization techniques are used to categorize the intrusion stages. Preliminary results show that our model performs better than traditional alert correlation approaches.
Keywords
network security, intrusion detection, first-order logics, resolution