Conference paper

Evaluating Attack Time Expenses for Network Security Alert Causal Correlation

Network security alert causal correlation aims at correlating causally related security alerts into comprehensible attack scenarios. In this paper, we propose a novel correlation criterion based on evaluating the time expenses of the attacks that trigger security alerts. By treating the attack time expenses as random variables and studying their probability distribution, we can calculate a temporal correlation belief metric for any two candidate alerts. To test the feasibility of the approach, a prototype system is designed, implemented and evaluated on the DARPA 2000 IDS evaluation dataset. The results show that our method is effective and efficient, providing strong complementary support for attack scenario construction.
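The abstract describes the criterion only at a high level: the time an attacker spends between two causally linked steps is modelled as a random variable, and the observed gap between two alerts is scored against that distribution. The following is an added illustrative example, not the paper's code or its actual metric. It assumes a lognormal model for the time expense of each step transition and defines the belief as the two-sided tail probability of the observed gap (1.0 at the median gap, falling towards 0 for implausibly short or long gaps); the transition names, timestamps and training samples are constructed for the example and are not taken from the DARPA 2000 dataset.

```python
import math
from statistics import mean, pstdev

# Constructed training samples (seconds) of the time an attacker spent between
# two causally linked alert types. Illustrative numbers only, not DARPA 2000 data.
TIME_EXPENSE_SAMPLES = {
    ("recon", "exploit"): [40, 55, 60, 75, 90, 120, 150, 200, 300, 420],
    ("exploit", "install"): [5, 8, 10, 12, 15, 20, 25, 30, 45, 60],
}


def fit_lognormal(samples):
    """Fit a lognormal by the mean and population std-dev of log(sample).
    (Assumed distribution family; the paper does not name one in the abstract.)"""
    logs = [math.log(s) for s in samples]
    return mean(logs), max(pstdev(logs), 1e-9)  # guard against zero spread


def lognormal_cdf(t, mu, sigma):
    if t <= 0:
        return 0.0
    return 0.5 * (1.0 + math.erf((math.log(t) - mu) / (sigma * math.sqrt(2.0))))


def temporal_belief(gap, mu, sigma):
    """Two-sided tail probability of the observed gap under the fitted model.
    Equals 1.0 at the median time expense and tends to 0 for gaps that are
    far shorter or far longer than the attacker usually needs."""
    if gap <= 0:
        return 0.0
    f = lognormal_cdf(gap, mu, sigma)
    return 2.0 * min(f, 1.0 - f)


# One fitted (mu, sigma) per known step transition.
MODELS = {pair: fit_lognormal(s) for pair, s in TIME_EXPENSE_SAMPLES.items()}


def typical_gap(a_type, b_type):
    """Median time expense (seconds) of the transition a_type -> b_type."""
    mu, _ = MODELS[(a_type, b_type)]
    return math.exp(mu)


def correlate(alert_a, alert_b):
    """Belief in [0, 1] that alert_b is the causal successor of alert_a.
    Alerts are dicts with a 'type' and a 'ts' (epoch seconds)."""
    key = (alert_a["type"], alert_b["type"])
    if key not in MODELS:
        return 0.0  # no known causal transition between these alert types
    gap = alert_b["ts"] - alert_a["ts"]
    if gap <= 0:
        return 0.0  # the effect cannot precede its cause
    mu, sigma = MODELS[key]
    return temporal_belief(gap, mu, sigma)


def best_predecessor(candidates, alert_b):
    """Among earlier alerts, pick the one with the highest temporal belief."""
    scored = [(correlate(a, alert_b), a) for a in candidates]
    belief, alert = max(scored, key=lambda x: x[0])
    return alert, belief


if __name__ == "__main__":
    # Constructed alert stream: two recon alerts, one of them a day old.
    stale = {"type": "recon", "ts": 1000}
    fresh = {"type": "recon", "ts": 86000}
    exploit = {"type": "exploit", "ts": 86100}
    print(best_predecessor([stale, fresh], exploit))
```

In use, the belief would be combined with the non-temporal evidence (prerequisite/consequence matching, shared hosts) that the abstract calls the primary correlation criteria; here it only ranks candidate predecessors.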

Keywords: network security, alert correlation, attack time expense, temporal correlation belief

Shaojun Zhang, Jianhua Li, Xiuzhen Chen, Lei Fan

School of Information Security Engineering, Shanghai Jiaotong University, Shanghai, China

International conference

The 11th IEEE International Conference on Communications Systems (IEEE ICCS 2008)

Guangzhou

English

2008-11-19 (date first posted on the Wanfang platform, not the paper's publication date)