Journal: International Journal of Computer Science and Communication Networks
Online ISSN: 2249-5789
Year: 2012
Volume: 2
Issue: 3
Pages: 444-452
Publisher: Technopark Publications
Abstract: Alert aggregation is an important subtask of intrusion detection. The goal is to identify and to cluster different alerts produced by low-level intrusion detection systems, firewalls, etc., belonging to a specific attack instance which has been initiated by an attacker at a certain point in time. Thus, meta-alerts can be generated for the clusters that contain all the relevant information, whereas the amount of data (i.e., alerts) can be reduced substantially. Meta-alerts may then be the basis for reporting to security experts or for communication within a distributed intrusion detection system. We propose a novel technique for online alert aggregation which is based on a dynamic, probabilistic model of the current attack situation. Basically, it can be regarded as a data stream version of a maximum likelihood approach for the estimation of the model parameters. In addition, meta-alerts are generated with a delay of typically only a few seconds after observing the first alert belonging to a new attack instance.
Keywords: intrusion detection; alert aggregation; generative model; data stream algorithm