Building Scenario Graph Using Clustering

Safaa O. Al-Mamory, Hong Li Zhang
2007 International Conference on Convergence Information Technology (ICCIT 2007)
The increasing use of Network Intrusion Detection Systems (NIDSs) and a relatively high false alert rate can lead to a huge volume of alerts. This makes it very difficult for security analysts to detect long-running attacks. In this paper, we propose a system that represents a set of alerts as subattacks. It then correlates these subattacks and generates abstracted scenario graphs (SGs) which reflect attack scenarios. We have conducted the experiments using Snort as the NIDS with different datasets that contain multistep attacks. The resulting compressed SGs imply that our method can correlate related alerts, uncover the attack strategies, and detect new variations of attacks.
doi:10.1109/iccit.2007.51 fatcat:f5hevyfbmndbrcmc2hkbkld6li