Title :
Modeling the intrusion by using capability of attackers
Author :
Wang, Liang-Min ; Zhang, Jian-Ming ; Ma, Jian-feng
Author_Institution :
Dept. of Comput. Sci., Jiangsu Univ., Zhenjiang, China
Abstract :
Modeling intrusions is an open problem that must be solved in intrusion tolerance systems. A state transition model, described in terms of the capability of attackers, and its construction algorithm are presented. Focusing on the influence upon the system, this model describes the intrusion by the capability of the attacker. The intrusion model is formalized by the definition of meta-attack. Then an approach to cluster hyper-alerts into meta-attacks using a correlation algorithm is presented. Finally, the method of modeling the intrusion by meta-attack is presented, and proofs of the existence and uniqueness of the model constructed by this approach are given.
Keywords :
fault tolerant computing; security of data; alert correlation; intrusion model; intrusion tolerance system; meta-attack; state transition model; Buffer overflow; Clustering algorithms; Computer networks; Computer science; Computer science education; Control systems; Information security; Intrusion detection; Laboratories; Logic; Chronicles; intrusion tolerance; logic correlation
Conference_Title :
Machine Learning and Cybernetics, 2005. Proceedings of 2005 International Conference on
Conference_Location :
Guangzhou, China
Print_ISBN :
0-7803-9091-1
DOI :
10.1109/ICMLC.2005.1527573