Title :
A novel technique of recognizing multi-stage attack behaviour
Author :
Li, Wang ; Zhi-Tang, Li ; Qi-hong, Wang
Author_Institution :
Comput. Sch., Huazhong Univ. of Sci. & Technol., Wuhan
Abstract :
Because security audit data has increased so dramatically, the management and analysis of this data has become a critical and challenging issue. SATA (Security Alerts and Threat Analysis project) aims at analyzing security events and detecting security threats. In this paper, we propose a novel method of constructing an attack scenario model in order to recognize multi-stage attack behaviour and predict potential attack steps of the attacker. Our method is a statistical one that uses the time-consecution association of contextual attack steps. In addition, we propose a new method of computing the correlativity between two contextual attacks, which strengthens the correlation within the attack scenario model and ensures the accuracy of the final correlation result. The idea is easy to implement and can be used to detect novel multi-stage attacks. The experiment shows that our method is effective and feasible.
Keywords :
security of data; statistical analysis; contextual attack steps; multistage attack behaviour recognition; security alerts and threat analysis project; security audit data; security data management; security events analysis; security threat detection; statistical method; time consecution association; Computer security; Context modeling; Correlation; Data security; Educational institutions; Event detection; Intrusion detection; Predictive models; Statistical analysis; Technology management;
Conference_Title :
Networking, Architecture, and Storages, 2006. IWNAS '06. International Workshop on
Conference_Location :
Shenyang
Print_ISBN :
0-7695-2651-9
DOI :
10.1109/IWNAS.2006.11