DocumentCode :
1686385
Title :
Extracting and querying network attack scenarios knowledge in IDS using PCTCG and alert semantic networks
Author :
Yan, Wei ; Hou, Edwin ; Ansari, Nirwan
Author_Institution :
Dept. of Electr. & Comput. Eng., New Jersey Inst. of Technol., Newark, NJ, USA
Volume :
3
fYear :
2005
Firstpage :
1512
Abstract :
The increasing use of intrusion detection systems gives rise to a huge volume of alert logs, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a four-layer semantic scheme designed to allow inferring attack scenarios and to enable attack semantic queries. A modified case grammar, PCTCG, is used to convert the raw alerts into machine-understandable uniform alert streams. The 2-atom alert semantic network, 2-AASN, is then used to generate attack scenario classes. Afterwards, based on the alert context, attack scenario instances are extracted, and the results of attack semantic queries over these instances, computed with the spreading activation technique, are forwarded to the security administrator.
Keywords :
grammars; knowledge acquisition; learning (artificial intelligence); query languages; security of data; semantic Web; semantic networks; telecommunication security; 2-AASN; 2-atom alert semantic network; IDS; PCTCG; hidden attack scenario; intrusion detection system; knowledge extraction; machine-understandable uniform alert stream; querying network; security administrator; spreading activation technique; Computer networks; Data mining; Information security; Intelligent agent; Intelligent networks; Intrusion detection; Keyword search; Monitoring; Semantic Web; XML;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communications, 2005. ICC 2005. 2005 IEEE International Conference on
Print_ISBN :
0-7803-8938-7
Type :
conf
DOI :
10.1109/ICC.2005.1494597
Filename :
1494597