• DocumentCode
    2140876
  • Title
    Multistep attacks extraction using compiler techniques
  • Author
    Al-Mamory, S.O. ; Hongli Zhang
  • Author_Institution
    Sch. of Comput. Sci., Harbin Inst. of Technol., Harbin
  • fYear
    2008
  • fDate
    15-17 May 2008
  • Firstpage
    183
  • Lastpage
    188
  • Abstract
The intrusion detection system (IDS) is a security technology that attempts to identify network intrusions. Defending against multistep intrusions, in which each step prepares the ground for the next, is a challenging task. In this paper, alerts are first classified into predefined classes. A context-free grammar (CFG) is then used to describe multistep attacks in terms of these alert classes. Based on the CFGs, a modified LR parser is used to generate the parse trees of the scenarios present in the alerts. The experiments were performed on two different sets of network traffic traces, using different open-source and commercial IDSs. The detected scenarios are represented by correlation graphs (CGs). The experimental results show that the CFG can describe multistep attacks explicitly and that the modified LR parser, based on the CFG, can construct attack scenarios successfully.
  • Keywords
    context-free grammars; graph theory; program compilers; public domain software; security of data; compiler technique; context-free grammar; correlation graphs; intrusion detection system; modified LR parser; multistep attacks extraction; network traffic; security technology; Bayesian methods; Computer hacking; Engines; Explosions; Intrusion detection; Open source software; Recruitment; Security; Telecommunication traffic; Tree graphs;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    High Performance Switching and Routing, 2008. HSPR 2008. International Conference on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-1-4244-1981-4
  • Electronic_ISBN
    978-1-4244-1982-1
• Type
    conf
  • DOI
    10.1109/HSPR.2008.4734441
  • Filename
    4734441