Sciweavers

Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts

To defend against multi-step intrusions in high-speed networks, efficient algorithms are needed to correlate isolated alerts into attack scenarios. Existing correlation methods usually employ an in-memory index for fast searches among received alerts. With finite memory, the index can only be built on a limited number of alerts inside a sliding window. Knowing this fact, an attacker can prevent two attack steps from both falling into the sliding window by either passively delaying the second step or actively injecting bogus alerts between the two steps. In either case, the correlation effort is defeated. In this paper, we first address the above issue with a novel queue graph (QG) approach. Instead of searching all the received alerts for those that prepare for a new alert, we only search for the latest alert of each type. The correlation between the new alert and other alerts is implicitly represented using the temporal order between alerts. Consequently, our approach can correlate a...
Lingyu Wang, Anyi Liu, Sushil Jajodia
Added 11 Dec 2010
Updated 11 Dec 2010
Type Journal
Year 2006
Where COMCOM
Authors Lingyu Wang, Anyi Liu, Sushil Jajodia