Attack subplan-based attack scenario correlation

Proceedings of the Sixth International Conference on Machine Learning and Cybernetics, ICMLC 2007

Volumn 4, Issue , 2007, Pages 1881-1887

  Chien, Sheng Hui ^a   Chang, Erh Hsien ^a   Yu, Chih Yung ^a   Ho, Cheng Seen ^b  

^a NATIONAL TAIWAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Taiwan)

^b HWA HSIA INSTITUTE OF TECHNOLOGY   (Taiwan)

Author keywords

Attack ontology; Attack scenario; Attack subplan template; Intrusion detection; Primitive attacks

Indexed keywords

INFORMATION MANAGEMENT; ONTOLOGY; SECURITY OF DATA; SEMANTICS;

ATTACK ONTOLOGY; ATTACK SCENARIO; ATTACK SUBPLAN TEMPLATE; PRIMITIVE ATTACKS; SECURITY SENSORS;

COMPUTER CRIME;

EID: 38049030276     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICMLC.2007.4370455     Document Type: Conference Paper

References (19)

1. Chien, S. H., C.Y. Yu, W.T. Liu, and C.S. Ho," A Primitive Attack Based New Correlation Techniques for Heterogeneous Intrusion Alerts- Primitive Attacks Construction and Detection," Proc. of Ninth Conference on Artificial Intelligence and Applications (TAAI2004), Taipei, Taiwan, November 5-6, 2004.
2. Cuppens, F. and A. Miege, "Alert Correlation in a Cooperative Intrusion Detection Framework," Proc. of 2002 IEEE Symposium on Security and Privacy, pp. 202-215, Oakland, CA, 2002.
3. Dain, O. M. and Cunningham, R. K., "Fusing a Heterogeneous Alert Stream into Scenarios," Proc. of ACM Computer and Communications Security 2001. Philadelphia, Pennsylvania, USA, Nov. 5-8, 2001.
4. Debar, H. and A. Wespi, "Aggregation and Correlation of Intrusion Detection Alerts," Proc. of the 4th symposium on Recent Advances in Intrusion Detection (RAID 2001), Davis, CA, USA, October 2001.
5. FuzzyJ ToolKit, available at http://www.iit.nrc.ca/ IR_public/fuzzy/ fuzzyJToolkit2.html
6. Gorodetski, V. and I. Kotenko, "Attacks against Computer Network: Formal Grammar-based Framework and Simulation Tool," Proc. of the fifth International Workshop on Recent Advances in Intrusion Detection, Zurish, Switzerland, October 16-18, 2002.
7. ICAT database, http://icat.nist.gov/icat.cfm
8. Kendall, K., "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems," Master's Thesis, Massachusetts Institute of Technology, 1998.
9. Lindqvist, U. and P. Porras, "eXpert-BSM: A Host-based Intrusion Detection Solution for Sun Solaris," Proc. of 17th Annual Computer Security Applications Conference (ACSAC), pp. 240-251, New Orleans, Louisiana, 2001.
10. Lucassen, J. M. and R. L. Mercer, "An Information-Theoretic Approach to the Automatic Determination of Phonemic Baseforms," Proc. of the IEEE International Conference on Acoustics, Speech and Signal, pp. 42.5.1-42.5.4, 1984.
11. 2000 DARPA Intrusion Detection Scenario Specific Data Sets, available at http://www.ll.mit.edu/IST/ ideval/data/ 2000/2000_data_index.html
12. Ning, P., Y. Cui, D. S. Reeves, and D. Xu, "Tools and Techniques for Analyzing Intrusion Alerts," ACM Transactions on Information and System Security, Vol. 7, No. 2, pp. 214-318, May 2004.
13. Ourston, D., S. Matzner, W. Stump, B. Hopkins, "Applications of hidden Markov models to detecting multi-stage network attacks," Proc. of the 36th Annual Hawaii International Conference on System Sciences, pp. 10, 6-9 Jan 2003.
14. Protégé, available at http://protege.stanford.edu/ download.html
15. Qin, X. and W. Lee, "Statistical Causality Analysis of INFOSEC Alert Data," Proc. of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), Pittsburgh, PA, September 2003.
16. RealSecure Network Sensor, available at http://www.iss.net/support/ documentation/docs.php?product=12
17. Roesch, M., "Snort - lightweight intrusion detection for networks," Proc. of LISA'99: 13th Systems Administration Conference, pp. 229-238, Seattle, Washington, November 1999.
18. Valdes, A. and K. Skinner, "Probabilistic alert correlation," Proc. of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), LNCS (Lecture Notes In Computer Science), Vol. 2212, Springer-Verlag, pp. 54-68, Davis, CA, USA, 2001.
19. Yan, W., E. Hou, N. Ansari, "Extracting attack scenario knowledge using pctcg and semantic networks," Proc. of the 29th Annual IEEE Conference on Local Computer Networks, pp. 110-117, Orlando, FL, USA.