Title :
An alert fusion framework for situation awareness of coordinated multistage attacks
Author :
Mathew, Sunu ; Shah, Chintan ; Upadhyaya, Shambhu
Author_Institution :
Dept. of Comput. Sci. & Eng., New York State Univ., Buffalo, NY, USA
Abstract :
Recent incidents in the cyber world strongly suggest that coordinated multistage cyber attacks are quite feasible and that effective countermeasures need to be developed. Attack detection by correlation and fusion of intrusion alerts has been an active area of current research. However, most of these research efforts focus on ex post facto analysis of alert data to uncover related attacks. In this paper, we present an approach for dynamically calculating ´scenario credibilities´ based on the state of a live intrusion alert stream. We also develop a framework for attack scenario representation that facilitates real-time fusion of intrusion alerts and calculation of the scenario credibility values. Our approach provides a usable mechanism for detecting, predicting and reasoning about multistage goal-oriented attacks in real time. The details of the fusion framework and a description of multistage attack detection using this framework are presented in this paper.
Keywords :
graph theory; real-time systems; security of data; sensor fusion; alert data; attack countermeasures; attack detection; coordinated multistage attacks; cyber attacks; cyber world; ex post facto analysis; intrusion alert fusion; multistage goal-oriented attacks; real time system; real-time fusion; scenario credibilities; scenario credibility values; situation awareness; Computer science; Conferences; Data analysis; Fuses; Fusion power generation; Intrusion detection; Protection; Subcontracting; Alert correlation; fusion; intrusion detection; multistage attacks; situation awareness;
Conference_Titel :
Information Assurance, 2005. Proceedings. Third IEEE International Workshop on
Print_ISBN :
0-7695-2317-X
DOI :
10.1109/IWIA.2005.3
