DocumentCode
1936007
Title
Attack Scenario Detection Based on Expert System
Author
Ding, Yu-xin
Author_Institution
Harbin Inst. of Technol., Shenzhen
Volume
6
fYear
2007
fDate
19-22 Aug. 2007
Firstpage
3283
Lastpage
3287
Abstract
Traditional intrusion detection systems focus only on low-level attacks and generate only isolated alerts. In practice, however, an attack is made up of a sequence of logically related steps. As a result, it is difficult for a human analyst to understand the alerts and take appropriate action. This paper presents a practical technique to address this issue. It proposes a rule-based hierarchical model for constructing attack scenarios and uses an expert system (CLIPS) as the engine for detecting them. A concrete design method is discussed and applied to the analysis of Snort alerts; the proposed approach can detect attack scenarios in real time. The rules describe only the high-level properties of attacks and avoid describing concrete network or host information, which guarantees the generality of the method. Because a well-known general-purpose expert system is adopted as the detection engine, the implementation is straightforward.
Keywords
expert systems; security of data; attack scenario detection; expert system; intrusion detection systems; low-level attacks; rule-based hierarchical model; Complex networks; Concrete; Cybernetics; Design methodology; Engines; Expert systems; Humans; Intrusion detection; Isolation technology; Machine learning; Attack scenario; Expert system; Network security;
fLanguage
English
Publisher
ieee
Conference_Titel
Machine Learning and Cybernetics, 2007 International Conference on
Conference_Location
Hong Kong
Print_ISBN
978-1-4244-0973-0
Electronic_ISBN
978-1-4244-0973-0
Type
conf
DOI
10.1109/ICMLC.2007.4370714
Filename
4370714
Link To Document