• DocumentCode
    1903210
  • Title

    Frame-based attack representation and real-time first order logic automatic reasoning

  • Author

    Yan, Wei ; Hou, Edwin ; Ansari, Nirwan

  • Author_Institution
    Dept. of Electr. & Comput. Eng., New Jersey Inst. of Technol., Newark, NJ, USA
  • fYear
    2005
  • fDate
    27-30 June 2005
  • Firstpage
    225
  • Lastpage
    229
  • Abstract
    Internet has grown by several orders of magnitude in recent years, prompting network security as a great concern. Hence, intrusion detection systems (IDSs) are used to timely detect intrusions and defend against attack attempts. However, the current IDS technology generates a huge volume of alert events due to false alarm alerts, and requires costly alert manual reviewing due to the lack of intelligence in IDS. As a solution, security information management (SIM) is a growing area of interest in network security. In this paper, we propose FAR-FAR (frame-based attack representation and first-order logic automatic reasoning) system in SIM to relieve the administrator from the time-consuming and costly alert manual reviewing. With the backward-chaining, FAR-FAR can make real-time reasoning for network attack scenarios. In FAR-FAR, the aggregated alerts from different IDS agents are converted into uniform frame-structured streams by case grammar. Afterwards, first-order logic production rules are used to extract the hidden attack scenarios. Our simulation results show that FAR-FAR´s attack scenario reasoning rate for the incoming alerts are generally far less than the incoming alerts´ inter-arrival time. This guarantees FAR-FAR to automatically reason the attack plans in real time and predict possible attack attempts at an early stage.
  • Keywords
    Internet; backward chaining; frame based representation; frame relay; telecommunication security; Internet; frame-based attack representation; intrusion detection system; network security; real-time first order logic automatic reasoning; security information management; uniform frame-structured stream; Acoustic sensors; Artificial intelligence; Automatic logic units; Data security; Data visualization; Information management; Information security; Intrusion detection; Manuals; Production;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Technology: Research and Education, 2005. ITRE 2005. 3rd International Conference on
  • Print_ISBN
    0-7803-8932-8
  • Type

    conf

  • DOI
    10.1109/ITRE.2005.1503109
  • Filename
    1503109