DocumentCode :
3371168
Title :
Correlating Multi-Step Attack and Constructing Attack Scenarios Based on Attack Pattern Modeling
Author :
Liu, Zhijie ; Wang, Chongjun ; Chen, Shifu
Author_Institution :
Nat. Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing
fYear :
2008
fDate :
24-26 April 2008
Firstpage :
214
Lastpage :
219
Abstract :
Most cyber-attacks are not single attack actions. They are multi-step attacks composed of a set of attack actions. Although the techniques used by attackers can be diverse, attack patterns are generally finite, so we need to find the attack steps that are correlated in an attack scenario. By studying the patterns of multi-step cyber attacks, an algorithm is presented for correlating multi-step cyber attacks and constructing attack scenarios, based on modeling multi-step cyber attacks. When alerts appear, the algorithm turns them into corresponding attack models based on the knowledge base and correlates them; whether to alert or not is based on the weighted cost in the attack path graph and the attack degree of the corresponding host. Attack scenarios can then be constructed by correlating the attack path graphs. Moreover, the model can detect intrusion alerts in real time and revise the attack scenarios. Experiments on the DARPA IDS test dataset show the validity of the algorithm.
Keywords :
pattern recognition; security of data; attack pattern modeling; attack scenarios; multistep attack; multistep cyber attacks; Computer hacking; Computer networks; Computer science; Costs; Information security; Intrusion detection; Laboratories; Logic; Testing; attack path graph; attack pattern; attack scenario constructing; multi-step cyber attack;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Security and Assurance, 2008. ISA 2008. International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3126-7
Type :
conf
DOI :
10.1109/ISA.2008.11
Filename :
4511565