DocumentCode :
2205741
Title :
Analyzing and Correlating Security Events Using State Machine
Author :
Xuewei, Feng ; Dongxia, Wang ; Jiemei, Zeng ; Guoqing, Ma ; Jin, Li
Author_Institution :
Nat. Key Lab. of Sci. & Technol. on Inf. Syst. Security, Beijing Inst. of Syst. Eng., Beijing, China
fYear :
2010
fDate :
June 29 2010-July 1 2010
Firstpage :
2849
Lastpage :
2854
Abstract :
It is infeasible for the security manager to analyze security events manually, because the number of events is huge and much of the information contained in the events is meaningless. After analyzing the existing security event correlation algorithms, we propose an attack scenario reconstruction technology based on state machines. With this technology, the processes by which attackers intrude into the cyberspace can be restored and more comprehensive attack scenario description information can be generated, which makes the security manager's work easier. The state-machine-based attack scenario reconstruction technology processes security events using clustering analysis and causal analysis concurrently. It builds a correlation state machine in memory for every attack scenario tree predefined by the security manager; when security events arrive, the corresponding state machines process them, and if the condition is satisfied, attack scenario description information is generated and sent to the security manager. The state-machine-based correlation technology is more timely and accurate. Finally, we use the DARPA2000 Intrusion Scenario Specific Data Sets to validate the technology; the experimental results show that it is feasible to analyze security events using the proposed technology.
Keywords :
finite state machines; pattern clustering; security of data; DARPA2000 intrusion scenario specific data sets; attack scenario reconstruction technology; attack scenario tree; causal analysis; clustering analysis; correlation state machine; security events correlation; state machine; Computer crime; Correlation; Cyberspace; Engines; Protocols; XML; attack scenario reconstruction; attack scenario tree; causal analysis; clustering analysis; correlating state machine;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-7547-6
Type :
conf
DOI :
10.1109/CIT.2010.476
Filename :
5578520