Title :
Multistep attacks extraction using compiler techniques
Author :
Al-Mamory, S.O. ; Hongli Zhang
Author_Institution :
Sch. of Comput. Sci., Harbin Inst. of Technol., Harbin
Abstract :
The intrusion detection system (IDS) is a security technology that attempts to identify network intrusions. Defending against multistep intrusions which prepare for each other is a challenging task. In this paper, alerts classified into predefined classes. Then, the context-free grammar (CFG) was used to describe the multistep attacks using alerts classes. Based on the CFGs, the modified LR parser was recruited to generate the parse trees of the scenarios presented in the alerts. The experiments were performed on two different sets of network traffic traces, using different open-source and commercial IDSs. The detected scenarios are represented by correlation graphs (CGs). The experimental results show that the CFG can describe multistep attacks explicitly and the modified LR parser, based on the CFG, can construct scenarios successfully.
Keywords :
context-free grammars; graph theory; program compilers; public domain software; security of data; compiler technique; context-free grammar; correlation graphs; intrusion detection system; modified LR parser; multistep attacks extraction; network traffic; security technology; Bayesian methods; Computer hacking; Engines; Explosions; Intrusion detection; Open source software; Recruitment; Security; Telecommunication traffic; Tree graphs;
Conference_Titel :
High Performance Switching and Routing, 2008. HSPR 2008. International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-1981-4
Electronic_ISBN :
978-1-4244-1982-1
DOI :
10.1109/HSPR.2008.4734441
