
A Multi-step Attack Detection Model Based on Alerts of Smart Grid Monitoring System

Hua Zhang, Xueqi Jin, Ying Li, Zhengwei Jiang, Ye Liang, Zhengping Jin, Qiaoyan Wen
2019 IEEE Access  
INDEX TERMS Smart grid security, alert correlation, multi-step attack, attack graph.  ...  Consequently, the candidate preliminary attack chains are pruned and denoised by negative causal correlation and non-cascading events. Finally, attack chains and visual attack graphs are formed.  ...  ATTACK GRAPH BUILDING The attack graph building module presents the association between attack chains intuitively.  ... 
doi:10.1109/access.2019.2961517 fatcat:tfiyalzd4zer5nqoejio3kezeu

An Evolutionary Approach of Attack Graph to Attack Tree Conversion

Md. Shariful Haque, Travis Atkison
2017 International Journal of Computer Network and Information Security  
Sheyner et al. proposed an attack graph using a similar notion [3]. Fig.2. Example Network.  ...  The goal of this research is to identify the possible direction to construct attack trees from attack graphs analyzing a large volume of data, alerts or logs generated through different intrusion detection  ...  generation step, the Granger Causality Test (GCT) algorithm is used for pairwise correlation between alerts [11] .  ... 
doi:10.5815/ijcnis.2017.11.01 fatcat:dvgbj4r72rf73ittn2vjp3agve

Discovering Novel Attack Strategies from INFOSEC Alerts [chapter]

Xinzhou Qin, Wenke Lee
2004 Lecture Notes in Computer Science  
For this type of attack relationship, we develop a Bayesian-based correlation engine to correlate attack steps based on security states of systems and networks.  ...  Correlating security alerts and discovering attack strategies are important and challenging tasks for security analysts.  ...  [5] build alert correlation systems based on matching the pre-/post-conditions of individual alerts. The idea of this approach is that prior attack steps prepare for later ones.  ... 
doi:10.1007/978-3-540-30108-0_27 fatcat:tqlwdb73wzdo7jl3gkbhtia3ka

A Review of Intrusion Alerts Correlation Frameworks

Joseph Mbugua Chahira, Jane Kinanu Kiruki, Peter Kiprono Kemei
2016 International Journal of Computer Applications Technology and Research  
This work will review current alert correlation systems in terms of approaches and propose design considerations for an efficient alert correlation technique.  ...  Thus alert and event correlation is required to preprocess, analyze and correlate the alerts produced by one or more network intrusion detection systems and events generated from different systems and  ...  In this method, the knowledge base of attack patterns is represented as a graph model called causal relations graph.  ... 
doi:10.7753/ijcatr0504.1009 fatcat:rwtm3hy6urerbhlvl4kox7jfg4

MARS: Multi-stage Attack Recognition System

Faeiz Alserhani, Monis Akhlaq, Irfan U. Awan, Andrea J. Cullen, Pravin Mirchandani
2010 24th IEEE International Conference on Advanced Information Networking and Applications  
In this paper, we identify the limitations of the current techniques and propose a framework for alert correlation that overcomes these shortcomings.  ...  Alerts correlation techniques have been widely used to provide intelligent and stateful detection methodologies. This is to understand attack steps and predict the expected sequence of events.  ...  Even though these methods are useful for alert fusion and statistical purposes, they fail to discover the causal connection between alerts.  ... 
doi:10.1109/aina.2010.57 dblp:conf/aina/AlserhaniAACM10 fatcat:bn4ktakv5jflzcvxzz552oiqcy

Alert Correlation System with Automatic Extraction of Attack Strategies by Using Dynamic Feature Weights

Chih-Hung Wang, Ye-Chen Chiou
2016 International Journal of Computer and Communication Engineering  
In this paper, we proposed an alert correlation system with automatic extraction of attack strategies.  ...  Therefore, it is very important to automatically extract attack strategies in the alert correlation system.  ...  Several alert correlation methods build the attack graph with the known network topologies and known vulnerabilities [7] .  ... 
doi:10.17706/ijcce.2016.5.1.1-10 fatcat:onijzubylrfb5cn3rtkxhieyry

Building Scenario Graph Using Clustering

Safaa O. Al-Mamory, Hong Li Zhang
2007 International Conference on Convergence Information Technology (ICCIT 2007)  
Then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios.  ...  The resulting compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and can detect new variations of attacks.  ...  Building Scenario Graphs This component contains alert correlation and SG generation. In this paper, we have proposed a technique that builds simple SG using alert clustering and correlation.  ... 
doi:10.1109/iccit.2007.51 fatcat:f5hevyfbmndbrcmc2hkbkld6li

Building Scenario Graph Using Clustering

Safaa O. Al-Mamory, Hong Li Zhang
2007 International Conference on Convergence Information Technology (ICCIT 2007)  
Then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios.  ...  The resulting compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and can detect new variations of attacks.  ...  Building Scenario Graphs This component contains alert correlation and SG generation. In this paper, we have proposed a technique that builds simple SG using alert clustering and correlation.  ... 
doi:10.1109/iccit.2007.4420357 fatcat:hoa5af6m5bbw5craqxh4a57xay

Study of Alert Correlation Technique

Ankita B. Palekar
2017 IJARCCE  
This suggests the relationship of two alerts, which is helpful for determining attack scenarios.  ...  Alert correlation is a significant technique for arranging the large volume of intrusion alerts that are produced by Intrusion Detection Systems (IDSs).  ...  Assigning correlation probability can help to build alert and attack graphs that present the real attack scenario.  ... 
doi:10.17148/ijarcce.2017.63150 fatcat:lmyka3qzejgl3p3zdcpmuqj2ui

A Hybrid Alarm Association Method Based on AP Clustering and Causality

Xiao-ling Tao, Lan Shi, Feng Zhao, Shen Lu, Yang Peng, Zhuojun Duan
2021 Wireless Communications and Mobile Computing  
a complete attack process based on the causal correlation idea.  ...  The new alarm correlation method has a high correlation effect and builds a complete attack process to help managers identify attack intentions and prevent attacks.  ...  Literature [21] proposed an alert correlation framework (RTECA); this type of framework extracts causality based on Bayesian networks in offline mode and constructs an attack graph.  ... 
doi:10.1155/2021/5576504 fatcat:dxvzn3xssrczxfih2rtkh7sc24

Scenario Discovery Using Abstracted Correlation Graph

Safaa O. Al-Mamory, Hong Li Zhang
2007 International Conference on Computational Intelligence and Security (CIS 2007)  
Intrusion alert correlation techniques correlate alerts into meaningful groups or attack scenarios for ease of understanding by human analysts.  ...  In this paper, a system was proposed to represent a set of alerts as subattacks. Then correlates these subattacks and generates abstracted correlation graphs (CGs) which reflect attack scenarios.  ...  The intention of using graph representation for attack scenarios is to give the security analyst an intrinsic view of the network status.  ... 
doi:10.1109/cis.2007.21 dblp:conf/cis/Al-MamoryZ07 fatcat:kpx47bwgkrainl7ok6dw5k7zfi

Alert Correlation for Extracting Attack Strategies

Bin Zhu, Ali A. Ghorbani
2006 International Journal of Network Security  
This suggests the causal relationship of two alerts, which is helpful for constructing attack scenarios.  ...  Alert correlation is an important technique for managing the large volume of intrusion alerts that are raised by heterogeneous Intrusion Detection Systems (IDSs).  ...  Section 2 provides details of the proposed techniques for alert correlation and attack graph generation. Two neural network approaches for alert correlation are proposed.  ... 
dblp:journals/ijnsec/ZhuG06 fatcat:ws43vfzvtbdcpf4boa6k3ksrui

Discovering Correlations: A Formal Definition of Causal Dependency Among Heterogeneous Events

Charles Xosanavongsa, Eric Totel, Olivier Bettan
2019 IEEE European Symposium on Security and Privacy (EuroS&P)  
., network, system, and application) with the main objective of formally defining a causal relationship among logged events.  ...  Finally, we describe the implementation and assessment of the model according to real attacks on distributed environments and its accuracy to extract all causally linked events related to a given attack  ...  ACKNOWLEDGEMENTS We would like to thank Pierre Wilke, Adam Faci and the anonymous reviewers for their precious time, valuable suggestions and comments.  ... 
doi:10.1109/eurosp.2019.00033 dblp:conf/eurosp/XosanavongsaTB19 fatcat:oktofipft5dfzd2cgdqp7zoqny

Extracting Attack Scenarios Using Intrusion Semantics [chapter]

Sherif Saad, Issa Traore
2013 Lecture Notes in Computer Science  
Our approach can reconstruct known and unknown attack scenarios and correlate alerts generated in a multi-sensor IDS environment.  ...  Building the attack scenario is the first step to understand an attack and extract useful attack intelligence.  ...  Algorithm 1 illustrates the steps to build the Alerts Correlation Graph.  ... 
doi:10.1007/978-3-642-37119-6_18 fatcat:mebgnxfq55acvjz5w37svs74je

Event-Based Alert Correlation System to Detect SQLI Activities

Faeiz Alserhani, Monis Akhlaq, Irfan U. Awan, Andrea J. Cullen
2011 IEEE International Conference on Advanced Information Networking and Applications  
In this paper, we have identified the limitations of the current techniques and propose a model for alert correlation that overcomes the shortcomings.  ...  Alerts correlation techniques have been widely used to provide intelligent and stateful detection methodologies. This is to understand attack steps and predict the expected sequence of events.  ...  Even though these methods are useful for alert fusion and statistical purposes, they fail to discover the causal connection between alerts.  ... 
doi:10.1109/aina.2011.102 dblp:conf/aina/AlserhaniAAC11 fatcat:cqzyrg3jtzdernhanam7xz2qwa