DocumentCode :
2270450
Title :
Alert analysis and threat evaluation in Network Situation Awareness
Author :
Wang, Juan ; Zhang, Feng-li ; Jin, Jing ; Chen, Wei
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol., Chengdu, China
fYear :
2010
fDate :
28-30 July 2010
Firstpage :
278
Lastpage :
281
Abstract :
In this paper we study the alert analysis technique of Network Situation Awareness (NSA). The overwhelming volume of alerts makes them challenging to understand and manage. Although many alert analysis techniques have already been proposed in the Intrusion Detection research area, most of them are used to reduce false positives and false negatives. However, NSA requires alert analysis techniques to offer high-level information, such as how serious the attacks are, how dangerous the devices are, and which attacks or devices need the administrator's attention. To address this problem, we propose a time- and space-based alert analysis technique which can correlate related alerts without background knowledge and offers an attack graph to help the administrator understand the attack steps clearly and efficiently. A threat evaluation is also given to find the most dangerous attack, which further saves the administrator's time and energy in processing a large number of alerts.
Keywords :
computer network security; attack graph; high-level information; intrusion detection; network situation awareness; space based alert analysis; threat evaluation; time based alert analysis; Data mining; Equations; IP networks; Intrusion detection; Mathematical model; Servers;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communications, Circuits and Systems (ICCCAS), 2010 International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-8224-5
Type :
conf
DOI :
10.1109/ICCCAS.2010.5582005
Filename :
5582005