• DocumentCode
    1936007
  • Title
    Attack Scenario Detection Based on Expert System
  • Author
    Ding, Yu-xin
  • Author_Institution
    Harbin Inst. of Technol., Shenzhen
  • Volume
    6
  • fYear
    2007
  • fDate
    19-22 Aug. 2007
  • Firstpage
    3283
  • Lastpage
    3287
  • Abstract
    Traditional intrusion detection systems focus only on low-level attacks and generate only isolated alerts. In practice, however, an attack is made up of a logically connected sequence of scenarios, so it is difficult for a human analyst to understand the alerts and take appropriate action. This paper presents a practical technique to address this issue. It proposes a rule-based hierarchical model for constructing attack scenarios and uses an expert system (CLIPS) as the engine for detecting them. A concrete design method is discussed and applied to the analysis of Snort alerts; the proposed approach can detect attack scenarios in real time. The rules describe only the high-level properties of attacks and avoid describing concrete network or host information, which guarantees the generality of the method. Because a well-known general-purpose expert system is adopted as the detection engine, implementation becomes very easy.
  • Keywords
    expert systems; security of data; attack scenario detection; expert system; intrusion detection systems; low-level attacks; rule-based hierarchical model; Complex networks; Concrete; Cybernetics; Design methodology; Engines; Expert systems; Humans; Intrusion detection; Isolation technology; Machine learning; Attack scenario; Expert system; Network security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Machine Learning and Cybernetics, 2007 International Conference on
  • Conference_Location
    Hong Kong
  • Print_ISBN
    978-1-4244-0973-0
  • Electronic_ISBN
    978-1-4244-0973-0
  • Type
    conf
  • DOI
    10.1109/ICMLC.2007.4370714
  • Filename
    4370714