• DocumentCode
    3263076
  • Title

    Scenario based threat detection and attack analysis

  • Author

    Hsiu, Pi-Cheng ; Kuo, Chin-Fu ; Kuo, Tei-Wei ; Juan, Eric Y T

  • Author_Institution
    Dept. of Comput. Sci. & Inf. Eng., National Taiwan Univ., Taipei, Taiwan
  • fYear
    2005
  • fDate
    11-14 Oct. 2005
  • Firstpage
    279
  • Lastpage
    282
  • Abstract
    This paper targets two essential issues in intrusion detection system designs: the optimization of rule selection and the attack discovery in attack analysis. A scenario-based approach is proposed to correlate malicious packets and to intelligently select intrusion detection rules to fire. We propose algorithms for rule selection and attack scenario identification. Potential threats and their relationship for a gateway and Web-server applications are explored as an example in the study. The proposed algorithms are implemented over Snort, a signature-based intrusion detection system, for which we have some encouraging performance evaluation results.
  • Keywords
    Internet; security of data; Snort; Web-server application; attack analysis; attack discovery; attack scenario identification; intrusion detection rule; malicious packet; rule selection; signature-based intrusion detection system; threat detection; Acceleration; Computer science; Databases; Design optimization; Fires; Information security; Intelligent sensors; Intrusion detection; Testing; Web server
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security Technology, 2005. CCST '05. 39th Annual 2005 International Carnahan Conference on
  • Print_ISBN
    0-7803-9245-0
  • Type

    conf

  • DOI
    10.1109/CCST.2005.1594819
  • Filename
    1594819