
Basic article information

  • Title: Application of Attack Graphs in Intrusion Detection Systems: An Implementation
  • Authors: Dr. Ahmad Fadlallah; Mr. Hassan Sbeity; Mr. Mohammad Malli
  • Journal: International Journal of Computer Networks (IJCN)
  • Electronic ISSN: 1985-4129
  • Year of publication: 2016
  • Volume: 8
  • Issue: 1
  • Pages: 1-12
  • Publisher: Computer Science Journals
  • Abstract: Internet attacks have been continuously increasing in recent years, in terms of scale and complexity, challenging existing defense solutions with new complications and making them almost ineffective against multi-stage attacks, in particular intrusion detection systems, which fail to identify such complex attacks. An attack graph is a modeling technique used to visualize the different steps an attacker might select to achieve his end game, based on existing vulnerabilities and weaknesses in the system. This paper studies the application of attack graphs in intrusion detection and prevention systems (IDS/IPS) in order to better identify complex attacks based on predefined models, configurations, and alerts. As a "proof of concept", a tool is developed which interfaces with the well-known SNORT [1] intrusion detection system and matches the alerts with an attack graph generated using the NESSUS [2] vulnerability scanner (maintained up-to-date using the National Vulnerability Database (NVD) [3]) and the MULVAL [4] attack graph generation library. The tool makes it possible to keep track of the attacker's activities along the different stages of the attack graph.
  • Keywords: Attack Graphs; IDS; Vulnerability Analysis; Network Security