Title :
Attack Scenario Detection Based on Expert System
Author_Institution :
Harbin Inst. of Technol., Shenzhen
Abstract :
Traditional intrusion detection systems focus only on low-level attacks and generate isolated alerts. In practice, however, an attack is made up of a sequence of logically related steps, so it is difficult for a human analyst to understand the alerts and take appropriate action. This paper presents a practical technique to address this issue. It proposes a rule-based hierarchical model for constructing attack scenarios and uses an expert system (CLIPS) as the engine for detecting them. A concrete design method is discussed and applied to the analysis of Snort alerts; the proposed approach can detect attack scenarios in real time. The rules describe only the high-level properties of attacks and avoid describing concrete network or host information, which guarantees the generality of the method. Because a well-known general-purpose expert system is adopted as the detection engine, the implementation becomes very easy.
Keywords :
expert systems; security of data; attack scenario detection; expert system; intrusion detection systems; low-level attacks; rule-based hierarchical model; Complex networks; Concrete; Cybernetics; Design methodology; Engines; Expert systems; Humans; Intrusion detection; Isolation technology; Machine learning; Attack scenario; Expert system; Network security;
Conference_Titel :
Machine Learning and Cybernetics, 2007 International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4244-0973-0
Electronic_ISBN :
978-1-4244-0973-0
DOI :
10.1109/ICMLC.2007.4370714