Building scenario graph using clustering

Safaa O. Al-Mamory; Hong Li Zhang

doi:10.1109/ICCIT.2007.4420357

Building scenario graph using clustering

Safaa O. Al-Mamory
, Hong Li Zhang

School of Computer Science and Technology, Harbin Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

The increasing use of Network Intrusion Detection Systems (NIDSs) and a relatively high false alert rate can lead to a huge volume of alerts. This makes it very difficult for security analysts to detect long run attacks. In this paper, we have proposed a system that represents a set of alerts as subattacks. Then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios. We have conducted the experiments using Snort as NIDS with different datasets that contains multistep attacks. The resulted compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and can detect new variations of attacks.

Original language	English
Title of host publication	2007 International Conference on Convergence Information Technology, ICCIT 2007
Pages	799-804
Number of pages	6
DOIs	https://doi.org/10.1109/ICCIT.2007.4420357
State	Published - 2007
Externally published	Yes
Event	2nd International Conference on Convergent Information Technology, ICCIT 07 - Gyongju, Korea, Republic of Duration: 21 Nov 2007 → 23 Nov 2007

Publication series

Name	2007 International Conference on Convergence Information Technology, ICCIT 2007

Conference

Conference	2nd International Conference on Convergent Information Technology, ICCIT 07
Country/Territory	Korea, Republic of
City	Gyongju
Period	21/11/07 → 23/11/07

Access to Document

10.1109/ICCIT.2007.4420357

Cite this

@inproceedings{99da4c8fad77450fad0b5d3850f9b210,

title = "Building scenario graph using clustering",

abstract = "The increasing use of Network Intrusion Detection Systems (NIDSs) and a relatively high false alert rate can lead to a huge volume of alerts. This makes it very difficult for security analysts to detect long run attacks. In this paper, we have proposed a system that represents a set of alerts as subattacks. Then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios. We have conducted the experiments using Snort as NIDS with different datasets that contains multistep attacks. The resulted compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and can detect new variations of attacks.",

author = "Al-Mamory, \{Safaa O.\} and Zhang, \{Hong Li\}",

year = "2007",

doi = "10.1109/ICCIT.2007.4420357",

language = "英语",

isbn = "0769530389",

series = "2007 International Conference on Convergence Information Technology, ICCIT 2007",

pages = "799--804",

booktitle = "2007 International Conference on Convergence Information Technology, ICCIT 2007",

note = "2nd International Conference on Convergent Information Technology, ICCIT 07 ; Conference date: 21-11-2007 Through 23-11-2007",

}

Al-Mamory, SO & Zhang, HL 2007, Building scenario graph using clustering. in 2007 International Conference on Convergence Information Technology, ICCIT 2007., 4420357, 2007 International Conference on Convergence Information Technology, ICCIT 2007, pp. 799-804, 2nd International Conference on Convergent Information Technology, ICCIT 07, Gyongju, Korea, Republic of, 21/11/07. https://doi.org/10.1109/ICCIT.2007.4420357

Building scenario graph using clustering. / Al-Mamory, Safaa O.; Zhang, Hong Li.
2007 International Conference on Convergence Information Technology, ICCIT 2007. 2007. p. 799-804 4420357 (2007 International Conference on Convergence Information Technology, ICCIT 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Building scenario graph using clustering

AU - Al-Mamory, Safaa O.

AU - Zhang, Hong Li

PY - 2007

Y1 - 2007

N2 - The increasing use of Network Intrusion Detection Systems (NIDSs) and a relatively high false alert rate can lead to a huge volume of alerts. This makes it very difficult for security analysts to detect long run attacks. In this paper, we have proposed a system that represents a set of alerts as subattacks. Then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios. We have conducted the experiments using Snort as NIDS with different datasets that contains multistep attacks. The resulted compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and can detect new variations of attacks.

AB - The increasing use of Network Intrusion Detection Systems (NIDSs) and a relatively high false alert rate can lead to a huge volume of alerts. This makes it very difficult for security analysts to detect long run attacks. In this paper, we have proposed a system that represents a set of alerts as subattacks. Then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios. We have conducted the experiments using Snort as NIDS with different datasets that contains multistep attacks. The resulted compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and can detect new variations of attacks.

UR - https://www.scopus.com/pages/publications/49049084218

U2 - 10.1109/ICCIT.2007.4420357

DO - 10.1109/ICCIT.2007.4420357

M3 - 会议稿件

AN - SCOPUS:49049084218

SN - 0769530389

SN - 9780769530383

T3 - 2007 International Conference on Convergence Information Technology, ICCIT 2007

SP - 799

EP - 804

BT - 2007 International Conference on Convergence Information Technology, ICCIT 2007

T2 - 2nd International Conference on Convergent Information Technology, ICCIT 07

Y2 - 21 November 2007 through 23 November 2007

ER -

Building scenario graph using clustering

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this