Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Attack scenario construction with a new sequential mining technique
SNPD '07 Proceedings of the Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing - Volume 01
Scenario Discovery Using Abstracted Correlation Graph
CIS '07 Proceedings of the 2007 International Conference on Computational Intelligence and Security
Correlating Multi-Step Attack and Constructing Attack Scenarios Based on Attack Pattern Modeling
ISA '08 Proceedings of the 2008 International Conference on Information Security and Assurance (isa 2008)
A method for determining ontology-based semantic relevance
DEXA'07 Proceedings of the 18th international conference on Database and Expert Systems Applications
Building the attack scenario is the first step toward understanding an attack and extracting useful attack intelligence. Existing attack scenario reconstruction approaches, however, suffer from several limitations that weaken the elicitation of attack scenarios and decrease the quality of the scenarios they generate. In this paper, we discuss the limitations of the existing attack scenario reconstruction approaches and propose a novel hybrid approach using semantic analysis and intrusion ontology. Our approach can reconstruct known and unknown attack scenarios and correlate alerts generated in a multi-sensor IDS environment. Our experimental results show the potential of our approach and its advantages over previous approaches.