DocumentCode :
2645183
Title :
Practical network attack situation analysis using sliding window cache scheme
Author :
Kim, Jinoh ; Kang, Koohong ; Na, Jungchan ; Kim, Ikkyun ; Kim, Kiyoung ; Jang, Jongsoo ; Sohn, Sungwon
Author_Institution :
Electron. & Telecommun. Res. Inst., Daejeon, South Korea
Volume :
3
fYear :
2003
fDate :
21-24 Sept. 2003
Firstpage :
1038
Abstract :
With the growing deployment of intrusion detection systems, managing reports from these systems becomes critically important. In situations where there are intensive intrusive actions, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion response systems to understand the intrusions behind the alerts and to take appropriate actions. Even if isolated events are not considered significant, the set of events may be critical. Alert correlation analysis examines meaningful relationships between alert messages. Situation analysis is a branch of alert correlation analysis. It observes attack activities by aggregating alerts that have certain characteristics in common. In this paper, we present an effective and practical situation analysis scheme that provides real-time analysis capability.
Keywords :
cache storage; security of data; telecommunication security; alert correlation analysis; alert messages; intrusion detection systems; intrusion response systems; network attack situation analysis; sliding window cache scheme; Aggregates; Computer hacking; Computer networks; Computerized monitoring; Engineering management; Humans; Information systems; Intrusion detection; LAN interconnection; Local government;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications, 2003. APCC 2003. The 9th Asia-Pacific Conference on
Print_ISBN :
0-7803-8114-9
Type :
conf
DOI :
10.1109/APCC.2003.1274256
Filename :
1274256