Title :
Evaluating attack time expenses for network security alert causal correlation
Author :
Zhang, Shaojun ; Li, Jianhua ; Chen, Xiuzhen ; Fan, Lei
Author_Institution :
Sch. of Inf. Security Eng., Shanghai Jiaotong Univ., Shanghai, China
Abstract :
Network security alert causal correlation aims at correlating causally related security alerts into comprehensible attack scenarios. In this paper, we propose a novel correlation criterion based on evaluating the time expenses of the attacks that trigger security alerts. By treating attack time expenses as random variables and studying their probability distribution, we can calculate a temporal correlation belief metric for any two candidate alerts. To test the feasibility of the approach, a prototype system is designed, implemented and evaluated on the DARPA 2000 IDS evaluation dataset. Results show that the method is effective and efficient, providing strong complementary support for attack scenario construction.
Keywords :
probability; security of data; telecommunication security; attack time expenses; intrusion detection system; network security alert causal correlation; probabilistic distribution; random variables; Computer networks; Computer security; Correlation; Data security; Information security; Intrusion detection; Materials science and technology; Prototypes; Random variables; System testing; alert correlation; attack time expense; network security; temporal correlation belief;
Conference_Titel :
11th IEEE Singapore International Conference on Communication Systems (ICCS 2008)
Conference_Location :
Guangzhou
Print_ISBN :
978-1-4244-2423-8
Electronic_ISBN :
978-1-4244-2424-5
DOI :
10.1109/ICCS.2008.4737374
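The abstract describes the criterion only in outline: the time an attacker spends between two steps is modelled as a random variable, and the plausibility of the observed gap between two alerts becomes a belief that one caused the other. The following is an added illustration of that idea written for this page; it is not the authors' prototype and does not reproduce their formula. Everything specific is assumed: the log-normal fit of the per-step-pair time expenses, the use of a two-sided tail probability as the belief metric, the attack step labels, the training samples, the alert stream and the 0.2 link threshold are all constructed for the example.

```python
"""Illustrative temporal-correlation belief for IDS alert pairs (added example,
not the paper's prototype). Standard library only."""
import math
from dataclasses import dataclass
from statistics import mean, stdev


@dataclass(frozen=True)
class Alert:
    alert_id: str
    attack_type: str
    timestamp: float  # seconds; all values used below are constructed


# Constructed training data: observed time expense (seconds) between finishing
# one attack step and launching the next, keyed by (earlier step, later step).
# Step labels are assumed names for the example, not taken from the paper.
OBSERVED_TIME_EXPENSES = {
    ("ip_sweep", "sadmind_probe"): [120.0, 95.0, 140.0, 110.0, 180.0, 130.0, 100.0],
    ("sadmind_probe", "sadmind_exploit"): [30.0, 45.0, 25.0, 60.0, 35.0, 40.0],
}


def fit_lognormal(samples):
    """Assumed model: time expenses are log-normal; estimate mu, sigma of log(x)."""
    if len(samples) < 2:
        raise ValueError("need at least two observations to estimate spread")
    logs = [math.log(s) for s in samples]
    return mean(logs), stdev(logs)


def build_models(observations=OBSERVED_TIME_EXPENSES):
    """One fitted (mu, sigma) per step pair."""
    return {pair: fit_lognormal(s) for pair, s in observations.items()}


def median_gap(mu):
    """Median of a log-normal with log-mean mu (the most 'typical' time expense)."""
    return math.exp(mu)


def lognormal_cdf(x, mu, sigma):
    if x <= 0.0:
        return 0.0
    return 0.5 * (1.0 + math.erf((math.log(x) - mu) / (sigma * math.sqrt(2.0))))


def temporal_belief(delta, mu, sigma):
    """Assumed belief metric: two-sided tail probability of the observed gap.
    1.0 when delta equals the model median, decreasing toward 0.0 for gaps that
    are implausibly short or long, and exactly 0.0 for non-positive gaps
    (an effect cannot precede its cause)."""
    if delta <= 0.0:
        return 0.0
    f = lognormal_cdf(delta, mu, sigma)
    return 2.0 * min(f, 1.0 - f)


def correlate(earlier, later, models):
    """Belief that `earlier` causally precedes `later`; 0.0 if no model exists."""
    key = (earlier.attack_type, later.attack_type)
    if key not in models:
        return 0.0
    mu, sigma = models[key]
    return temporal_belief(later.timestamp - earlier.timestamp, mu, sigma)


def build_scenarios(alerts, models, threshold=0.2):
    """Greedy scenario construction: link each alert to the earlier alert with
    the highest belief at or above `threshold`. Returns (later, earlier, belief)."""
    ordered = sorted(alerts, key=lambda a: a.timestamp)
    links = []
    for i, later in enumerate(ordered):
        best = None
        for earlier in ordered[:i]:
            b = correlate(earlier, later, models)
            if b >= threshold and (best is None or b > best[2]):
                best = (later.alert_id, earlier.alert_id, b)
        if best is not None:
            links.append(best)
    return links


if __name__ == "__main__":
    models = build_models()
    alerts = [  # constructed alert stream
        Alert("a1", "ip_sweep", 1000.0),
        Alert("a2", "sadmind_probe", 1120.0),    # 120 s after a1: plausible gap
        Alert("a3", "sadmind_exploit", 1160.0),  # 40 s after a2: plausible gap
        Alert("a4", "sadmind_exploit", 5000.0),  # ~3880 s after a2: implausible
    ]
    for later_id, earlier_id, b in build_scenarios(alerts, models):
        print(f"{earlier_id} -> {later_id}: belief={b:.3f}")
```

With the constructed data, a1 -> a2 and a2 -> a3 are linked with high belief while a4 is left unlinked, because its gap sits far in the upper tail of the fitted distribution. The metric is deliberately symmetric: a gap that is much shorter than any observed time expense is treated as just as suspicious as one that is much longer, which is what makes it a complement to, rather than a replacement for, content-based correlation.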