Title :
Using supervised and transductive learning techniques to extract network attack scenarios
Author :
Khakpour, Narges ; Jalili, Saeed
Author_Institution :
Sch. of Electr. & Comput. Eng., Tarbiat Modares Univ., Tehran, Iran
Abstract :
Intrusion detection alone can no longer satisfy the security needs of an organization. Recently, the attention of the security community has turned to automatic intrusion response and prevention as techniques to protect network resources as well as to reduce attack damage. Knowing attack scenarios enables the system administrator to respond to threats swiftly by either blocking the attacks or preventing them from escalating. Alert correlation is a technique to extract attack scenarios by investigating the correlation of intrusion detection system alerts. In this paper, we propose a new learning-based method for alert correlation that employs supervised and transductive learning techniques. Using this method, we are able to extract attack scenarios automatically.
Keywords :
learning (artificial intelligence); security of data; alert correlation; intrusion detection; network attack extraction; network resources protection; supervised learning techniques; transductive learning techniques; Computer networks; Computer security; Intrusion detection; Learning systems; Machine learning algorithms; Protection; Semisupervised learning; Supervised learning; Support vector machine classification; Support vector machines;
Conference_Title :
Computer Conference, 2009. CSICC 2009. 14th International CSI
Conference_Location :
Tehran
Print_ISBN :
978-1-4244-4261-4
Electronic_ISBN :
978-1-4244-4262-1
DOI :
10.1109/CSICC.2009.5349373