Research on attack scenario reconstruction method based on causal knowledge discovery
In order to discover the attack pattern from the distributed alert data and construct the attack scene,a method of finding the attack scene from the alert data generated by intrusion detection system was studied.Current research suffer from the problem that causal knowledge is complex and difficult...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2017-04-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2017.00148 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530232591351808 |
|---|---|
| author | Di FAN Jing LIU Jun-xi ZHUANG Ying-xu LAI |
| author_facet | Di FAN Jing LIU Jun-xi ZHUANG Ying-xu LAI |
| author_sort | Di FAN |
| collection | DOAJ |
| description | In order to discover the attack pattern from the distributed alert data and construct the attack scene,a method of finding the attack scene from the alert data generated by intrusion detection system was studied.Current research suffer from the problem that causal knowledge is complex and difficult to understand and it is difficult to automatically acquire the problem.An attack scenario reconstruction method based on causal knowledge discovery was proposed.According to the process of KDD,the sequence set of attack scenes was constructed by the correlation degree of IP attributes among alert data.Time series modeling was adopted to eliminate the false positives to reduce the attack scene sequence.Finally,causal relationship between the alert data was found by using probability statistics.Experiments on the DARPA2000 intrusion scenario specific data sets show that the method can effectively identify the multi-step attack mode. |
| format | Article |
| id | doaj-art-a218eb7dd5ea491daabaf2c40265f2f7 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2017-04-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-a218eb7dd5ea491daabaf2c40265f2f72025-01-15T03:05:42ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2017-04-013586859550327Research on attack scenario reconstruction method based on causal knowledge discoveryDi FANJing LIUJun-xi ZHUANGYing-xu LAIIn order to discover the attack pattern from the distributed alert data and construct the attack scene,a method of finding the attack scene from the alert data generated by intrusion detection system was studied.Current research suffer from the problem that causal knowledge is complex and difficult to understand and it is difficult to automatically acquire the problem.An attack scenario reconstruction method based on causal knowledge discovery was proposed.According to the process of KDD,the sequence set of attack scenes was constructed by the correlation degree of IP attributes among alert data.Time series modeling was adopted to eliminate the false positives to reduce the attack scene sequence.Finally,causal relationship between the alert data was found by using probability statistics.Experiments on the DARPA2000 intrusion scenario specific data sets show that the method can effectively identify the multi-step attack mode.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2017.00148intrusion detectionalert correlationtime series modelingattack scenario reconstruction |
| spellingShingle | Di FAN Jing LIU Jun-xi ZHUANG Ying-xu LAI Research on attack scenario reconstruction method based on causal knowledge discovery 网络与信息安全学报 intrusion detection alert correlation time series modeling attack scenario reconstruction |
| title | Research on attack scenario reconstruction method based on causal knowledge discovery |
| title_full | Research on attack scenario reconstruction method based on causal knowledge discovery |
| title_fullStr | Research on attack scenario reconstruction method based on causal knowledge discovery |
| title_full_unstemmed | Research on attack scenario reconstruction method based on causal knowledge discovery |
| title_short | Research on attack scenario reconstruction method based on causal knowledge discovery |
| title_sort | research on attack scenario reconstruction method based on causal knowledge discovery |
| topic | intrusion detection alert correlation time series modeling attack scenario reconstruction |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2017.00148 |
| work_keys_str_mv | AT difan researchonattackscenarioreconstructionmethodbasedoncausalknowledgediscovery AT jingliu researchonattackscenarioreconstructionmethodbasedoncausalknowledgediscovery AT junxizhuang researchonattackscenarioreconstructionmethodbasedoncausalknowledgediscovery AT yingxulai researchonattackscenarioreconstructionmethodbasedoncausalknowledgediscovery |