首页    期刊浏览 2024年11月23日 星期六
登录注册

文章基本信息

  • 标题:Discovering Attackers Past Behavior to Generate Online Hyper-Alerts
  • 本地全文:下载
  • 作者:Cláudio Toshio Kawakani ; Sylvio Barbon ; Rodrigo Sanches Miani
  • 期刊名称:iSys - Revista Brasileira de Sistemas de Informação
  • 印刷版ISSN:1984-2902
  • 出版年度:2017
  • 卷号:10
  • 期号:1
  • 页码:122-147
  • 语种:English
  • 出版社:iSys - Revista Brasileira de Sistemas de Informação
  • 摘要:To support information security, organizations deploy Intrusion Detection Systems (IDS) that monitor information systems and networks, generating alerts for every suspicious behavior. However, the huge amount of alerts that an IDS triggers and their low-level representation make the alerts analysis a challenging task. In this paper, we propose a new approach based on hierarchical clustering that supports intrusion alert analysis in two main steps. First, it correlates historical alerts to identify the most common strategies attackers have used. Then, it associates upcoming alerts in real time according to the strategies discovered in the first step. The experiments were performed using a real dataset from the University of Maryland. The results showed that the proposed approach could properly identify the attack strategy patterns from historical alerts, and organize the upcoming alerts into a smaller amount of meaningful hyper-alerts.
  • 其他摘要:To support information security, organizations deploy Intrusion Detection Systems (IDS) that monitor information systems and networks, generating alerts for every suspicious behavior. However, the huge amount of alerts that an IDS triggers and their low-level representation make the alerts analysis a challenging task. In this paper, we propose a new approach based on hierarchical clustering that supports intrusion alert analysis in two main steps. First, it correlates historical alerts to identify the most common strategies attackers have used. Then, it associates upcoming alerts in real time according to the strategies discovered in the first step. The experiments were performed using a real dataset from the University of Maryland. The results showed that the proposed approach could properly identify the attack strategy patterns from historical alerts, and organize the upcoming alerts into a smaller amount of meaningful hyper-alerts.
国家哲学社会科学文献中心版权所有