DocumentCode :
2575074
Title :
Work in Progress - Tracking Correlated Attacks in Enterprise Intranets through Lattices
Author :
Simsek, Sule
Author_Institution :
Dept. of Comput. Sci., Missouri Univ., Rolla, MO
fYear :
2006
fDate :
Aug. 28 2006-Sept. 1 2006
Firstpage :
1
Lastpage :
2
Abstract :
Tracking attacks caused by correlation between malicious hosts is a rapidly growing research area. In this work-in-progress paper, we propose a lattice-based visualization method to capture the correlation between malicious hosts in an enterprise internal network. We present the design of L-BIDS (lattice-based intrusion detection system), in which the nodes represent the causal and correlated properties of the network messages. In order to track the propagation of a distributed denial of service (DDoS) attack, L-BIDS nodes are highlighted with different colors based on their role within the attack. The colored structure of nodes in an L-BIDS lattice allows us to obtain a concise intrusion signature and therefore simplifies the tracking of the propagation of the DDoS attack. In our preliminary L-BIDS model, the analysis of the network data is off-line.
Keywords :
business communication; intranets; security of data; concise intrusion signature; correlated attack tracking; distributed denial of service attack; enterprise intranets; lattice-based intrusion detection system; lattice-based visualization method; Collaboration; Computer crime; Computer hacking; Event detection; Intrusion detection; Lattices; Monitoring; Visualization; Web server; Attack Graph; Correlation; Distributed Denial of Service Attack; Intrusion Detection; Visualization;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Securecomm and Workshops, 2006
Conference_Location :
Baltimore, MD
Print_ISBN :
1-4244-0423-1
Electronic_ISBN :
1-4244-0423-1
Type :
conf
DOI :
10.1109/SECCOMW.2006.359570
Filename :
4198830