Title :
Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks
Author :
Yan, Wei ; Hou, Edwin ; Ansari, Nirwan
Author_Institution :
Dept. of Electr. & Comput. Eng., New Jersey Inst. of Technol., Newark, NJ, USA
Abstract :
The increasing use of intrusion detection systems, combined with relatively high false alarm rates, can produce a huge volume of alerts, which makes it very difficult for security administrators to analyze them and detect network attacks. Our solution to this problem is to make the alerts machine understandable. We propose a novel way to convert raw alerts into machine understandable uniform streams, correlate the streams, and extract attack scenario knowledge. A modified case grammar, the principal-subordinate consequence tagging case grammar, and the 2-atom alert semantic network are used to generate attack scenario classes. Alert mutual information is applied to calculate the alert semantic context window size. Based on the alert context, attack scenario instances are extracted and attack scenario descriptions are forwarded to the security administrator.
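Added illustration (not code from the paper, whose grammar and semantic network are not reproduced here): the abstract's pipeline of normalising raw alerts into a uniform stream, measuring alert mutual information, and deriving a context window from it, written as a small Python script. The raw alert lines, their line format (loosely modelled on a Snort fast-style line), the signature-to-class mapping, and the window rule (mutual information between the alert class at position i and at position i+k, keeping the largest lag whose information stays above half of the lag-1 value) are all assumptions made for this example.

```python
"""Uniform alert stream + lag mutual information -> semantic context window.

Constructed example; the window rule and alert format are assumptions,
not the method of Yan, Hou and Ansari.
"""
import math
import re
from collections import Counter, namedtuple

# Constructed sample alerts (not real IDS output): three SCAN/EXPLOIT/SHELL
# scenario instances separated by varying amounts of unrelated "noise" alerts.
# Format: time [gid:sid:rev] message {proto} src:port -> dst:port
RAW_ALERTS = """\
10:00:01 [1:1000001:1] SCAN nmap SYN {TCP} 10.0.0.5:40001 -> 10.0.0.10:22
10:00:02 [1:1000002:1] EXPLOIT ssh overflow attempt {TCP} 10.0.0.5:40002 -> 10.0.0.10:22
10:00:03 [1:1000003:1] SHELL reverse shell connect {TCP} 10.0.0.10:51000 -> 10.0.0.5:4444
10:00:04 [1:1000004:1] ICMP echo request {ICMP} 10.0.0.7:0 -> 10.0.0.10:0
10:00:05 [1:1000001:1] SCAN nmap SYN {TCP} 10.0.0.5:40003 -> 10.0.0.11:22
10:00:06 [1:1000002:1] EXPLOIT ssh overflow attempt {TCP} 10.0.0.5:40004 -> 10.0.0.11:22
10:00:07 [1:1000003:1] SHELL reverse shell connect {TCP} 10.0.0.11:51001 -> 10.0.0.5:4444
10:00:08 [1:1000005:1] POLICY external DNS query {UDP} 10.0.0.8:53210 -> 8.8.8.8:53
10:00:09 [1:1000004:1] ICMP echo request {ICMP} 10.0.0.7:0 -> 10.0.0.11:0
10:00:10 [1:1000001:1] SCAN nmap SYN {TCP} 10.0.0.5:40005 -> 10.0.0.12:22
10:00:11 [1:1000002:1] EXPLOIT ssh overflow attempt {TCP} 10.0.0.5:40006 -> 10.0.0.12:22
10:00:12 [1:1000003:1] SHELL reverse shell connect {TCP} 10.0.0.12:51002 -> 10.0.0.5:4444
10:00:13 [1:1000004:1] ICMP echo request {ICMP} 10.0.0.7:0 -> 10.0.0.12:0
10:00:14 [1:1000005:1] POLICY external DNS query {UDP} 10.0.0.8:53211 -> 8.8.8.8:53
10:00:15 [1:1000004:1] ICMP echo request {ICMP} 10.0.0.9:0 -> 10.0.0.12:0
10:00:16 [1:1000001:1] SCAN nmap SYN {TCP} 10.0.0.5:40007 -> 10.0.0.13:22
10:00:17 [1:1000002:1] EXPLOIT ssh overflow attempt {TCP} 10.0.0.5:40008 -> 10.0.0.13:22
10:00:18 [1:1000003:1] SHELL reverse shell connect {TCP} 10.0.0.13:51003 -> 10.0.0.5:4444
"""

# Assumed mapping from signature id to an abstract alert class; anything
# unmapped is treated as NOISE so the stream stays uniform.
CLASS_BY_SID = {1000001: "SCAN", 1000002: "EXPLOIT", 1000003: "SHELL"}

LINE_RE = re.compile(
    r"(\S+) \[(\d+):(\d+):(\d+)\] (.+?) \{(\w+)\} (\S+):(\d+) -> (\S+):(\d+)")

Alert = namedtuple("Alert", "time sid msg proto src dst cls")


def parse_alerts(text):
    """Convert raw alert lines into a uniform stream of Alert records.

    Lines that do not match the format raise instead of being silently
    dropped, so a parser gap cannot quietly shrink the stream."""
    stream = []
    for line in text.strip().splitlines():
        m = LINE_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unparseable alert line: {line!r}")
        time, _gid, sid, _rev, msg, proto, src, sport, dst, dport = m.groups()
        sid = int(sid)
        stream.append(Alert(time, sid, msg, proto, f"{src}:{sport}",
                            f"{dst}:{dport}", CLASS_BY_SID.get(sid, "NOISE")))
    return stream


def lag_mutual_information(classes, lag):
    """I(X;Y) in bits, X = class at position i, Y = class at position i+lag.

    Probabilities are empirical over all (i, i+lag) pairs in the stream."""
    pairs = list(zip(classes, classes[lag:]))
    if not pairs:
        return 0.0
    n = len(pairs)
    joint = Counter(pairs)
    px = Counter(x for x, _ in pairs)
    py = Counter(y for _, y in pairs)
    return sum((c / n) * math.log2((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in joint.items())


def context_window_size(classes, max_lag=6, ratio=0.5):
    """Assumed rule: grow the window while MI(lag) stays >= ratio * MI(1).

    Returns the largest such lag; a stream with no lag-1 dependency gets 1."""
    mi1 = lag_mutual_information(classes, 1)
    if mi1 <= 0:
        return 1
    window = 1
    for lag in range(2, max_lag + 1):
        if lag_mutual_information(classes, lag) < ratio * mi1:
            break
        window = lag
    return window


def extract_contexts(stream, window, trigger="SCAN"):
    """For each alert of class `trigger`, the classes of the next `window`
    alerts with NOISE removed: one scenario instance per trigger."""
    instances = []
    for i, alert in enumerate(stream):
        if alert.cls == trigger:
            ctx = stream[i:i + window + 1]
            instances.append(tuple(a.cls for a in ctx if a.cls != "NOISE"))
    return instances


if __name__ == "__main__":
    stream = parse_alerts(RAW_ALERTS)
    classes = [a.cls for a in stream]
    for lag in range(1, 5):
        print(f"MI at lag {lag}: {lag_mutual_information(classes, lag):.3f} bits")
    w = context_window_size(classes)
    print("context window:", w)
    for inst in extract_contexts(stream, w):
        print("scenario instance:", " -> ".join(inst))
```

On this constructed stream the information between an alert and its successor is about 1.60 bits and falls to about 1.22, 0.84 and 0.54 bits at lags 2, 3 and 4, so the window settles at 3 and every SCAN trigger yields the same SCAN -> EXPLOIT -> SHELL instance; on real data the ratio threshold and the choice of trigger class are the knobs to tune.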
Keywords :
computer network management; grammars; local area networks; semantic networks; telecommunication security; 2-atom alert semantic network; alert mutual information; alert semantic context window size; attack knowledge extraction; attack scenario descriptions; intrusion detection systems; machine understandable alerts; machine understandable uniform streams; modified case grammar; principal-subordinate consequence tagging case grammar; security administrator; Computer aided software engineering; Computer crime; Computer networks; Data mining; IP networks; Information security; Intrusion detection; Laboratories; Tagging; Web and internet services;
Conference_Title :
29th Annual IEEE International Conference on Local Computer Networks (LCN 2004)
Print_ISBN :
0-7695-2260-2
DOI :
10.1109/LCN.2004.57