Title :
Generating network attack graphs for security alert correlation
Author :
Zhang, Shaojun ; Li, Jianhua ; Chen, Xiuzhen ; Fan, Lei
Author_Institution :
Sch. of Inf. Security Eng., Shanghai Jiaotong Univ., Shanghai
Abstract :
Most network administrators have got the unpleasant experience of being overwhelmed by tremendous unstructured network security alerts produced by heterogeneous network devices. To date, various approaches have been proposed to correlate security alerts, including the adoption of network attack graphs to clarify their causal relationship. However, there still lacks an operational method to generate attack graphs tailored for alert correlation, especially in large scale network environments. In this paper, we propose a kind of attack graph which can be built in polynomial time using an intuitive object-oriented method. Based on the graph, a criterion is given out to correlate security alerts into scenarios. As practice, a prototype system is implemented to testify the feasibility of the approaches.
Keywords :
telecommunication network management; telecommunication security; network attack graphs; network security; security alert correlation; Concrete; Correlation; Information security; Job design; Large-scale systems; Object oriented modeling; Polynomials; Prototypes; Scalability; System testing; alert correlation; attack graph; network security;
Conference_Titel :
Communications and Networking in China, 2008. ChinaCom 2008. Third International Conference on
Conference_Location :
Hangzhou
Print_ISBN :
978-1-4244-2373-6
Electronic_ISBN :
978-1-4244-2374-3
DOI :
10.1109/CHINACOM.2008.4685009
