Most cyber-attacks are not single attack actions; they are multi-step attacks composed of a set of attack actions. Although the techniques used by attackers can be diverse, attack patterns are generally finite, so we need to find the attack steps that are correlated within an attack scenario. By studying the patterns of multi-step cyber-attacks, an algorithm is presented for correlating multi-step cyber-attacks and constructing an attack scenario system based on modeling multi-step cyber-attacks. When alerts appear, the algorithm turns them into the corresponding attack models based on the knowledge base and correlates them; whether to raise an alert is decided by the weighted cost in the attack path graph and the attack degree of the corresponding host. Attack scenarios can then be constructed by correlating the attack path graphs. Moreover, the model can detect intrusion alerts in real time and revise the attack scenarios. Experiments on the DARPA IDS test dataset show the validity of the algorithm.