Title :
Real-time multistage attack awareness through enhanced intrusion alert clustering
Author :
Mathew, Sunu ; Britt, Daniel ; Giomundo, Richard ; Upadhyaya, Shambhu ; Sudit, Moises ; Stotz, Adam
Author_Institution :
Dept. of Comput. Sci. & Eng., State Univ. of New York
Abstract :
Correlation and fusion of intrusion alerts to provide effective situation awareness of cyber-attacks has become an active area of research. Snort is the most widely deployed intrusion detection sensor. For many networks and their system administrators, the alerts generated by Snort are the primary indicators of network misuse and attacker activity. However, the volume of alerts generated in typical networks makes real-time attack scenario comprehension difficult. In this paper, we present an attack-stage-oriented classification of alerts using Snort as an example and demonstrate that this effectively improves real-time situation awareness of multistage attacks. We also incorporate this scheme into a real-time attack detection framework and prototype presented by the authors in previous work and provide some results from testing against multistage attack scenarios.
Keywords :
computer networks; security of data; telecommunication security; Snort; attack-stage oriented classification; attacker activity; cyber-attacks; intrusion alert clustering; intrusion detection sensor; multistage attacks; network misuse; primary indicators; real-time attack detection; real-time attack scenario; real-time multistage attack awareness; Computer science; Computer security; Fusion power generation; Industrial engineering; Intrusion detection; Military computing; Real time systems; Subcontracting; Taxonomy; Testing;
Conference_Title :
Military Communications Conference, 2005. MILCOM 2005. IEEE
Conference_Location :
Atlantic City, NJ
Print_ISBN :
0-7803-9393-7
DOI :
10.1109/MILCOM.2005.1605934