DocumentCode
552471
Title
A distributional attack scenario monitoring system based on dynamic peer-to-peer overlay hierarchy
Author
Nie, Chu-Jiang ; Feng, Dong-Guo ; Han, Zheng-Qing ; Su, Pu-Rui
Author_Institution
Chinese Inf. Security Key Lab., Chinese Acad. of Sci., Beijing, China
Volume
1
fYear
2011
fDate
10-13 July 2011
Firstpage
348
Lastpage
355
Abstract
Many attacks and suspicious actions cause Intrusion Detection Systems (IDSs) on the Internet to raise a huge number of alerts. Revealing attacks from these alerts is a very hot topic. The alerts are high in quantity but low in quality, because of the many false alerts raised by IDSs and the non-relevant alerts caused by different attacks or suspicious actions. We find that various attacks on the Internet usually adopt similar strategies. So, in this paper, we construct a predefined attack scenario to illustrate the behaviors of attacks and to detect attacks that adopt known strategies on the network. To distinguish different attacks dispersed across cyberspace, we implement a prototype on a novel P2P architecture, which can significantly improve the efficiency of detecting attacks. What is more, our prototype can monitor networks of unlimited scale online and performs efficiently and accurately.
Keywords
Internet; peer-to-peer computing; security of data; IDS; Internet; P2P architecture; cyberspace; distributional attack scenario monitoring system; dynamic peer-to-peer overlay hierarchy; intrusion detection systems; network monitoring; nonrelevant alerts; predefined attack scenario; suspicious actions; Computer architecture; IP networks; Internet; Machine learning; Monitoring; Prototypes; Security; Attack graph; Attack scenario; P2P;
fLanguage
English
Publisher
IEEE
Conference_Titel
Machine Learning and Cybernetics (ICMLC), 2011 International Conference on
Conference_Location
Guilin
ISSN
2160-133X
Print_ISBN
978-1-4577-0305-8
Type
conf
DOI
10.1109/ICMLC.2011.6016716
Filename
6016716