DocumentCode :
2625751
Title :
Building Scenario Graph Using Clustering
Author :
Al-Mamory, Safaa O. ; Zhang, Hong Li
Author_Institution :
Harbin Inst. of Technol., Harbin
fYear :
2007
fDate :
21-23 Nov. 2007
Firstpage :
799
Lastpage :
804
Abstract :
The increasing use of Network Intrusion Detection Systems (NIDSs) and a relatively high false alert rate can lead to a huge volume of alerts. This makes it very difficult for security analysts to detect long-run attacks. In this paper, we have proposed a system that represents a set of alerts as subattacks, then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios. We have conducted the experiments using Snort as NIDS with different datasets that contain multistep attacks. The resulting compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and can detect new variations of attacks.
Keywords :
computer networks; graph theory; network theory (graphs); pattern clustering; security of data; telecommunication security; false alert rate; network intrusion detection system; pattern clustering; scenario graph; Bayesian methods; Clustering algorithms; Computer architecture; Computer science; Data mining; Data security; Explosions; Information technology; Intrusion detection; Monitoring;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Convergence Information Technology, 2007. International Conference on
Conference_Location :
Gyeongju
Print_ISBN :
0-7695-3038-9
Type :
conf
DOI :
10.1109/ICCIT.2007.51
Filename :
4420357