DocumentCode :
552471
Title :
A distributional attack scenario monitoring system based on dynamic peer-to-peer overlay hierarchy
Author :
Nie, Chu-Jiang ; Feng, Dong-Guo ; Han, Zheng-Qing ; Su, Pu-Rui
Author_Institution :
Chinese Inf. Security Key Lab., Chinese Acad. of Sci., Beijing, China
Volume :
1
fYear :
2011
fDate :
10-13 July 2011
Firstpage :
348
Lastpage :
355
Abstract :
Many attacks and suspicious actions cause Intrusion Detection Systems (IDSs) on the Internet to raise a huge number of alerts. Revealing attacks from these alerts is a hot topic. These alerts are high in quantity but low in quality, because of the many false alerts raised by IDSs and the non-relevant alerts caused by different attacks or suspicious actions. We find that various attacks usually adopt similar strategies on the Internet. So, in this paper, we construct a predefined attack scenario to illustrate the behaviors of attacks and to detect attacks that adopt known strategies on the network. To distinguish different attacks dispersed across cyberspace, we implement a prototype on a novel P2P architecture, which can improve the efficiency of detecting attacks significantly. What is more, our prototype can monitor networks of unlimited scale online and performs efficiently and accurately.
Keywords :
Internet; peer-to-peer computing; security of data; IDS; Internet; P2P architecture; cyberspace; distributional attack scenario monitoring system; dynamic peer-to-peer overlay hierarchy; intrusion detection systems; network monitoring; nonrelevant alerts; predefined attack scenario; suspicious actions; Computer architecture; IP networks; Internet; Machine learning; Monitoring; Prototypes; Security; Attack graph; Attack scenario; P2P;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Machine Learning and Cybernetics (ICMLC), 2011 International Conference on
Conference_Location :
Guilin
ISSN :
2160-133X
Print_ISBN :
978-1-4577-0305-8
Type :
conf
DOI :
10.1109/ICMLC.2011.6016716
Filename :
6016716