DocumentCode :
2292431
Title :
Using Cluster and Correlation to Construct Attack Scenarios
Author :
Zhang, Yugang ; Xiao, Shisong ; Zhuang, Xin ; Peng, Xi
Author_Institution :
Dept. of Comput. Sci., Huazhong Normal Univ., Wuhan
fYear :
2008
fDate :
22-24 Sept. 2008
Firstpage :
471
Lastpage :
476
Abstract :
Constructing high-level attack scenarios from the low-level intrusion alerts reported by intrusion detection systems (IDSs) is becoming more and more important. Some methods have been presented to resolve this problem. These methods have different strengths, but they also have different limitations. In order to build complicated attack processes accurately, this paper uses cluster and correlation techniques to construct high-level attack scenarios. A fuzzy cluster algorithm based on the similarity of attack attributes is proposed to classify the alerts generated by IDSs. Then, within every alert class, an alert correlation method based on the prerequisites and consequences of attacks is used to construct attack scenarios. Finally, to get whole attack graphs, this paper hypothesizes and reasons about attacks that were possibly missed, based on the equality constraint and causal relation between intrusion alerts. The experimental results on LLS DDOS2.0 prove that the method is useful and effective.
Keywords :
correlation methods; fuzzy set theory; pattern classification; pattern clustering; security of data; LLS DDOS2.0; cluster techniques; correlation techniques; equality constrain; fuzzy cluster algorithm; high-level attack scenarios; intrusion detection systems; low-level intrusion alerts; Clustering algorithms; Computer crime; Computer science; Correlation; Humans; Information analysis; Information security; Intrusion detection; Protection; Statistics; Attack Scenario; Cluster; Correlation; similarity;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Cyberworlds, 2008 International Conference on
Conference_Location :
Hangzhou
Print_ISBN :
978-0-7695-3381-0
Type :
conf
DOI :
10.1109/CW.2008.94
Filename :
4741338