Assessing attack threat by the probability of following attacks

International Conference on Networking, Architecture, and Storage, NAS 2007

Volumn , Issue , 2007, Pages 91-98

  Li, Zhi Tang ^a   Lei, Jie ^a   Wang, Li ^a   Li, Dong ^a  

^a HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

DATA MINING; INFORMATION MANAGEMENT; INTRUSION DETECTION; RANDOM PROCESSES;

ATTACK SCENARIOS; ATTACK TYPES; DATA SETS; INTRUSION ALERTS; MINING ALGORITHMS; NETWORK INTRUSIONS; REAL TIMES; THREAT ASSESSMENTS;

PROBABILITY;

EID: 47749097132     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NAS.2007.15     Document Type: Conference Paper

References (26)

1. Bugtraq, http://www.securityfocus.com/archive/1.
2. S. A. Agrawal R., Imielinski T. Mining association rules between sets of items in large databases. In Proceedings of the ACM SIGMOD Conference on Management of Data, pages 207-216, 1993.
3. G. V. Andre Arnes, Fredrik Valeur and R. A. Kemmerer. Using hidden markov models to evaluate the risk of intrusions. In Proceedings of the International Symposium on the Recent Advances in Intrusion Detection (RAID 2006), pages 145-164. Springer-Verlag, 2006.
4. F. Cuppens. Managing alerts in a multi-intrusion detection environment. In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC 2001), New Orleans, Louisiana, 2001.
5. F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. Proceedings 2002 IEEE Symposium on Security and Privacy (SP 2002), page 202, Berkeley, CA, USA, 2002. IEEE Comput. Soc.
6. CVE. Common vulnerabilities and exposures, http://www.cve.mitre.org/.
7. CVSS. Common vulnerability scoring system, http://nvd.nist.gov/cvss.cfm.
8. O. Dain and R. Cunningham. Fusing a heterogeneous alert stream into scenarios. In Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications, 2001.
9. G. Eschelbeck and M. Krieger. Eliminating noise from intrusion detection systems. Information Security Technical Report, 8(4):26, 2003.
10. B. Z. Ghorbani and A. A. Alert correlation for extracting attack strategies. International Journal of Network Security, 3(3):244-258, 2006.
11. R. Gula. Correlating ids alerts with vulnerability information. technical report, Tenable Network Security, Dec. 2002.
12. S. J. Y. Jared Holsopplea and M. Suditb. Tandi: Threat assessment of network data and information. In Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications 2006. Proc. of SPIE Vol. 6242, 2006.
13. A. K. John R. Goodall, Wayne G. Lutters. The work of intrusion detection:rethinking the role of security analyst. In Proceedings of the Tenth Americas Conference on Information Systems, New York, 2004.
14. K. Julisch and M. Dacier. Mining intrusion detection alarms for actionable knowledge. In ACM Conference on Knowledge Discovery and Data Mining, pages 366-375, 2002.
15. C. Kruegel and W. Robertson. Alert verification: Determining the success of intrusion attempts. In Workshop of the Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2004), 2004.
16. W. Lee and X. Qin. Statistical causality analysis of infosec alert data. In Proceedings of the International Symposium on the Recent Advances in Intrusion Detection (RAID 2003), pages 73-94. Springer-Verlag, 2003.
17. S. J. R. L. Oleg Sheyner, Joshua Haines and J. M. Wing. Automated generation and analysis of attack graphs. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (SP 2002), pages 273-284, 2002.
18. P. A. Porras, M. W. Fong, and A. Valdes. A mission-impact-based approach to infosec alarm correlation. In Proceedings of the International Symposium on the Recent Advances in Intrusion Detection(RAID 2002), page 95. Springer-Verlag, 2002.
19. M. Roesch. Snort - lightweight intrusion detection for networks. In Proceedings of the USENIX LISA 1999 Conference, 1999.
20. O. D. Stephen Boyer and R. Cunningham. Stellar: A fusion system for scenario construction and security risk assessment. In Proceedings of the Third IEEE International Workshop on Information Assurance (IWIA05). IEEE, 2005.
21. K. M. J. Susmit Panjwani, Stephanie Tan and M. Cukier. An experimental evaluation to determine if port scans are precursors to an attack. In Proceedings of the 2005 International Conference on Dependable Systems and Networks (DSN 2005), pages 602-611, 2005.
22. Symantec. Internet security threat report: Volume x: September 2006. Technical report, January,2007.
23. J. J. T. Thurimella and Ramakrishna. A framework for the application of association rule mining in large intrusion detection infrastructure. In Proceedings of the International Symposium on the Recent Advances in Intrusion Detection(RAID 2006), pages 1-18. Springer-Verlag, 2006.
24. H. Z. E. C. Vaibhav Mehta, Constantinos Bartzis and J. Wing. Ranking attack graphs. In Proceedings of the International Symposium on the Recent Advances in Intrusion Detection(RAID 2006), pages 127-144. Springer-Verlag, 2006.
25. S. S.Wenke Lee. Data mining approaches for intrusion detection. In Proceedings of the 7th USENIX Security Symposium, pages 79-94, 1998.
26. L. W. D. L. Zhi-tang Li, Jie Lei and Y. ming Ma. Towards identifying true threat from network security data. In Pacific-Asia Workshop on Intelligence and Security Informatics (PAISI 2007), pages 160-171. Springer-Verlag, 2007.