An attack-feedback-based approach for verifying the success of intrusion attempts

Zhi Hong Tian; Bin Li; Hong Li Zhang

doi:10.1109/ICCIAS.2006.294212

An attack-feedback-based approach for verifying the success of intrusion attempts

Zhi Hong Tian^*
, Bin Li
, Hong Li Zhang

^*Corresponding author for this work

Faculty of Computing

Harbin Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

It is well-known that current Intrusion Detection Systems produce large numbers of false alerts. Those low quality alerts make it very hard for administrators to understand and take appropriate actions. To deal with false positive, in this paper, an attack-feedback-based approach is introduced to verify the success of attacks. This method processes each packet as soon as it is received. When a suspect packet is indicative of an attack on an existing network service, the effects of that packet on the host will be further tracked by following the causal dependencies. The experimental results have shown that the proposed technique is highly effective in reducing the alert volume and verifying the success of intrusion attempts.

Original language	English
Title of host publication	2006 International Conference on Computational Intelligence and Security, ICCIAS 2006
Publisher	IEEE Computer Society
Pages	629-632
Number of pages	4
ISBN (Print)	1424406056, 9781424406050
DOIs	https://doi.org/10.1109/ICCIAS.2006.294212
State	Published - 2006
Event	2006 International Conference on Computational Intelligence and Security, ICCIAS 2006 - Guangzhou, China Duration: 3 Oct 2006 → 6 Oct 2006

Publication series

Name	2006 International Conference on Computational Intelligence and Security, ICCIAS 2006
Volume	1

Conference

Conference	2006 International Conference on Computational Intelligence and Security, ICCIAS 2006
Country/Territory	China
City	Guangzhou
Period	3/10/06 → 6/10/06

Access to Document

10.1109/ICCIAS.2006.294212

Cite this

Tian, Z. H., Li, B., & Zhang, H. L. (2006). An attack-feedback-based approach for verifying the success of intrusion attempts. In 2006 International Conference on Computational Intelligence and Security, ICCIAS 2006 (pp. 629-632). Article 4072165 (2006 International Conference on Computational Intelligence and Security, ICCIAS 2006; Vol. 1). IEEE Computer Society. https://doi.org/10.1109/ICCIAS.2006.294212

@inproceedings{ff975533a8eb4ed48fd3e9c83abac788,

title = "An attack-feedback-based approach for verifying the success of intrusion attempts",

abstract = "It is well-known that current Intrusion Detection Systems produce large numbers of false alerts. Those low quality alerts make it very hard for administrators to understand and take appropriate actions. To deal with false positive, in this paper, an attack-feedback-based approach is introduced to verify the success of attacks. This method processes each packet as soon as it is received. When a suspect packet is indicative of an attack on an existing network service, the effects of that packet on the host will be further tracked by following the causal dependencies. The experimental results have shown that the proposed technique is highly effective in reducing the alert volume and verifying the success of intrusion attempts.",

author = "Tian, \{Zhi Hong\} and Bin Li and Zhang, \{Hong Li\}",

year = "2006",

doi = "10.1109/ICCIAS.2006.294212",

language = "英语",

isbn = "1424406056",

series = "2006 International Conference on Computational Intelligence and Security, ICCIAS 2006",

publisher = "IEEE Computer Society",

pages = "629--632",

booktitle = "2006 International Conference on Computational Intelligence and Security, ICCIAS 2006",

address = "美国",

note = "2006 International Conference on Computational Intelligence and Security, ICCIAS 2006 ; Conference date: 03-10-2006 Through 06-10-2006",

}

Tian, ZH, Li, B & Zhang, HL 2006, An attack-feedback-based approach for verifying the success of intrusion attempts. in 2006 International Conference on Computational Intelligence and Security, ICCIAS 2006., 4072165, 2006 International Conference on Computational Intelligence and Security, ICCIAS 2006, vol. 1, IEEE Computer Society, pp. 629-632, 2006 International Conference on Computational Intelligence and Security, ICCIAS 2006, Guangzhou, China, 3/10/06. https://doi.org/10.1109/ICCIAS.2006.294212

An attack-feedback-based approach for verifying the success of intrusion attempts. / Tian, Zhi Hong; Li, Bin; Zhang, Hong Li.
2006 International Conference on Computational Intelligence and Security, ICCIAS 2006. IEEE Computer Society, 2006. p. 629-632 4072165 (2006 International Conference on Computational Intelligence and Security, ICCIAS 2006; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An attack-feedback-based approach for verifying the success of intrusion attempts

AU - Tian, Zhi Hong

AU - Li, Bin

AU - Zhang, Hong Li

PY - 2006

Y1 - 2006

N2 - It is well-known that current Intrusion Detection Systems produce large numbers of false alerts. Those low quality alerts make it very hard for administrators to understand and take appropriate actions. To deal with false positive, in this paper, an attack-feedback-based approach is introduced to verify the success of attacks. This method processes each packet as soon as it is received. When a suspect packet is indicative of an attack on an existing network service, the effects of that packet on the host will be further tracked by following the causal dependencies. The experimental results have shown that the proposed technique is highly effective in reducing the alert volume and verifying the success of intrusion attempts.

AB - It is well-known that current Intrusion Detection Systems produce large numbers of false alerts. Those low quality alerts make it very hard for administrators to understand and take appropriate actions. To deal with false positive, in this paper, an attack-feedback-based approach is introduced to verify the success of attacks. This method processes each packet as soon as it is received. When a suspect packet is indicative of an attack on an existing network service, the effects of that packet on the host will be further tracked by following the causal dependencies. The experimental results have shown that the proposed technique is highly effective in reducing the alert volume and verifying the success of intrusion attempts.

UR - https://www.scopus.com/pages/publications/38549123333

U2 - 10.1109/ICCIAS.2006.294212

DO - 10.1109/ICCIAS.2006.294212

M3 - 会议稿件

AN - SCOPUS:38549123333

SN - 1424406056

SN - 9781424406050

T3 - 2006 International Conference on Computational Intelligence and Security, ICCIAS 2006

SP - 629

EP - 632

BT - 2006 International Conference on Computational Intelligence and Security, ICCIAS 2006

PB - IEEE Computer Society

T2 - 2006 International Conference on Computational Intelligence and Security, ICCIAS 2006

Y2 - 3 October 2006 through 6 October 2006

ER -

An attack-feedback-based approach for verifying the success of intrusion attempts

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this