DocumentCode :
2625045
Title :
Semantic scheme to extract attack strategies for Web service network security
Author :
Yan, Wei ; Liu, Fang
Author_Institution :
Dept. of Electr. & Comput. Eng., New Jersey Inst. of Technol., Newark, NJ, USA
fYear :
2004
fDate :
11-13 Oct. 2004
Firstpage :
104
Lastpage :
111
Abstract :
In recent years, Web technologies have been used to provide an interface to distributed services. The advent of computer networks has accelerated this development and has sparked the emergence of numerous environments that enable Web services. However, computer network security against distributed denial of service (DDoS) attacks is attracting more attention. The overwhelming alerts generated by intrusion detection systems make it hard for the security administrator to analyze and extract the attack strategies, which hampers the performance of attack detection. One method to resolve the problem is attack scenario extraction. In this paper, we propose a novel way to correlate the alerts and extract the attack scenarios. The modified case grammar, principal-subordinate consequence tagging case grammar and the alert semantic network are used to generate the attack classes. Alert mutual information is also applied to calculate the alert semantic context window size. Afterwards, based on the alert context, the attack instances are extracted.
Keywords :
Internet; security of data; semantic networks; Web service network security; alert semantic context window size; attack strategy extraction; computer network security; distributed denial of service attacks; distributed services; intrusion detection systems; modified case grammar; principal-subordinate consequence tagging case grammar; security administrator; semantic scheme; Acceleration; Computer crime; Computer networks; Computer security; Data mining; Intrusion detection; Mutual information; Performance analysis; Tagging; Web services; alerts correlation; intrusion detection; mutual information; network security; web services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
IP Operations and Management, 2004. Proceedings IEEE Workshop on
Print_ISBN :
0-7803-8836-4
Type :
conf
DOI :
10.1109/IPOM.2004.1547600
Filename :
1547600