Alert Analysis and Threat Evaluation in Network Situation Awareness
In this paper we study the alert analysis technique of Network Situation Awareness (NSA). The overwhelming volume of alerts makes them challenging to understand and manage. Although many alert analysis techniques have already been proposed in the Intrusion Detection research area, most of them are used to reduce false positives and false negatives. However, NSA requires alert analysis techniques to offer high-level information, such as how serious the attacks are, how dangerous the devices are, and which attacks or devices need the administrator's attention. To address this problem, we propose a time- and space-based alert analysis technique which can correlate related alerts without background knowledge and offers an attack graph to help the administrator understand the attack steps clearly and efficiently. A threat evaluation is also given to find the most dangerous attack, which further saves the administrator's time and energy in processing large amounts of alerts.
Juan Wang, Feng-li Zhang, Jing Jin, Wei Chen
School of Computer Science and Engineering, University of Electronic Science and Technology, 611731, Chengdu, China
Document type: International conference paper
Venue: 2010 International Conference on Communications, Circuits and Systems
Location: Chengdu
Language: English
Pages: 278-281
2010-06-28 (date first made available on the Wanfang platform; not the paper's publication date)