A Privacy-Preserving Multi-step Attack Correlation Algorithm
Traditional multi-step attack correlation approaches based on intrusion alerts face the challenge of recognizing attack scenarios because these approaches require complex predefined association rules as well as a high dependency on expert knowledge. Meanwhile, they barely consider privacy issues. Under these circumstances, a novel algorithm is proposed to construct multi-step attack scenarios based on discovering sequential patterns of attack behavior. It analyzes the time-sequential characteristics of attack behaviors and implements a support evaluation method. An optimized candidate attack sequence generation method is applied to solve the problem of the complexity of predefined association rules as well as the dependency on expert knowledge. An enhanced k-anonymity method is applied to this algorithm to realize the privacy-preserving feature. Experimental results indicate that the algorithm has comparatively better performance and accuracy on multi-step attack correlation and reaches a good balance between efficiency and privacy.
Intrusion Detection; Multi-step Attack; Alert Correlation; Privacy-preserving; Sequential Pattern
MA Jin, LI Jianhua, ZHANG Jian
School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
Domestic conference
Shanghai
English
78-93
2012-12-06 (date first posted online on the Wanfang platform; does not represent the paper's publication date)