Modeling network attacks for scenario construction

Author

Al-Mamory, Safaa O. ; Hongli Zhang ; Abbas, Ayad R.

Author_Institution

Harbin Inst. of Technol., Harbin

fYear

2008

fDate

1-8 June 2008

Firstpage

1495

Lastpage

1502

Abstract

The Intrusion detection system (IDS) is a security technology that attempts to identify network intrusions. Defending against multistep intrusions which prepare for each other is a challenging task. In this paper, the Context-Free Grammar (CFG) was used to describe the multistep attacks using alerts classes. Based on the CFGs, the modified LR parser was employed to generate the parse trees of the scenarios presented in the alerts. Instead of searching all the received alerts for those that prepare for a new alert, we only search for the latest alertpsilas type of each scenario. Consequently, the proposed system has an attractive time complexity. The experiments were performed on two different sets of network traffic traces, using different open-source and commercial IDSs. The detected scenarios are represented by Correlation Graphs (CGs). The experimental results show that the CFG can describe multistep attacks explicitly and the modified LR parser, based on the CFG, can construct scenarios successfully.

Keywords

computational complexity; context-free grammars; security of data; tree searching; alert class; context-free grammar; correlation graph; intrusion detection system; modified LR parser; network attack modeling; scenario construction; security technology; time complexity; tree searching; Neural networks;

fLanguage

English

Publisher

ieee

Conference_Titel

Neural Networks, 2008. IJCNN 2008. (IEEE World Congress on Computational Intelligence). IEEE International Joint Conference on

Conference_Location

Hong Kong

ISSN

1098-7576

Print_ISBN

978-1-4244-1820-6

Electronic_ISBN

1098-7576

Type

conf

DOI

10.1109/IJCNN.2008.4633994

Filename

4633994