Alert processing based on attack graph and multi-source analyzing


Bibliographic Details
Main Authors: Wei-xin LIU, Kang-feng ZHENG, Bin WU, Yi-xian YANG
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2015-09-01
Series: Tongxin xuebao
Online Access:http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015193/
Description
Summary: Current attack graph-based alert correlation cannot handle the graph relations between alerts properly, and a large number of redundant attack paths may arise when trying to find missing alerts and predict future attacks. A multi-source alert analyzing method is proposed that fully utilizes graph relations and a threshold to correlate mapped alerts, thereby reducing both the false positive rate and the true negative rate. To improve the speed of the algorithm, a parallel alert processing system (AG-PAP) is proposed. AG-PAP was tested in a distributed environment and achieved satisfactory effectiveness and performance.
ISSN:1000-436X