• DocumentCode
    2625751
  • Title

    Building Scenario Graph Using Clustering

  • Author

    Al-Mamory, Safaa O. ; Zhang, Hong Li

  • Author_Institution
    Harbin Inst. of Technol., Harbin
  • fYear
    2007
  • fDate
    21-23 Nov. 2007
  • Firstpage
    799
  • Lastpage
    804
  • Abstract
    The increasing use of Network Intrusion Detection Systems (NIDSs) and a relatively high false alert rate can lead to a huge volume of alerts. This makes it very difficult for security analysts to detect long-run attacks. In this paper, we propose a system that represents a set of alerts as subattacks, then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios. We conducted the experiments using Snort as the NIDS with different datasets that contain multistep attacks. The resulting compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and detect new variations of attacks.
  • Keywords
    computer networks; graph theory; network theory (graphs); pattern clustering; security of data; telecommunication security; false alert rate; network intrusion detection system; pattern clustering; scenario graph; Bayesian methods; Clustering algorithms; Computer architecture; Computer science; Data mining; Data security; Explosions; Information technology; Intrusion detection; Monitoring;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Convergence Information Technology, 2007. International Conference on
  • Conference_Location
    Gyeongju
  • Print_ISBN
    0-7695-3038-9
  • Type

    conf

  • DOI
    10.1109/ICCIT.2007.51
  • Filename
    4420357