• DocumentCode
    3521281
  • Title

    Generating network attack graphs for security alert correlation

  • Author

    Zhang, Shaojun ; Li, Jianhua ; Chen, Xiuzhen ; Fan, Lei

  • Author_Institution
    Sch. of Inf. Security Eng., Shanghai Jiaotong Univ., Shanghai
  • fYear
    2008
  • fDate
    25-27 Aug. 2008
  • Firstpage
    230
  • Lastpage
    235
  • Abstract
    Most network administrators have had the unpleasant experience of being overwhelmed by a tremendous number of unstructured network security alerts produced by heterogeneous network devices. To date, various approaches have been proposed to correlate security alerts, including the adoption of network attack graphs to clarify their causal relationships. However, there is still no operational method to generate attack graphs tailored for alert correlation, especially in large-scale network environments. In this paper, we propose a kind of attack graph which can be built in polynomial time using an intuitive object-oriented method. Based on the graph, a criterion is given to correlate security alerts into scenarios. To put this into practice, a prototype system is implemented to demonstrate the feasibility of the approaches.
  • Keywords
    telecommunication network management; telecommunication security; network attack graphs; network security; security alert correlation; Concrete; Correlation; Information security; Job design; Large-scale systems; Object oriented modeling; Polynomials; Prototypes; Scalability; System testing; alert correlation; attack graph
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communications and Networking in China, 2008. ChinaCom 2008. Third International Conference on
  • Conference_Location
    Hangzhou
  • Print_ISBN
    978-1-4244-2373-6
  • Electronic_ISBN
    978-1-4244-2374-3
  • Type

    conf

  • DOI
    10.1109/CHINACOM.2008.4685009
  • Filename
    4685009