REAL-TIME INTRUSION DETECTION ALERT CORRELATION AND ATTACK SCENARIO EXTRACTION BASED ON THE PREREQUISITE-CONSEQUENCE APPROACH

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

ZALI ZEINAB; HASHEMI MASSOUD REZA; SAIDI HOSSEIN

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY Year:2012 | Volume:4 | Issue:2 Page(s): 125-136

Download Full-Text

Persian Verion

View:

1,063

Download:

232

Cites:

Information Journal Paper

Title

REAL-TIME INTRUSION DETECTION ALERT CORRELATION AND ATTACK SCENARIO EXTRACTION BASED ON THE PREREQUISITE-CONSEQUENCE APPROACH

Author(s)

ZALI ZEINAB | HASHEMI MASSOUD REZA | SAIDI HOSSEIN | Issue Writer Certificate

Keywords

ATTACKQ2

INTRUSIONQ1

ATTACK SCENARIOQ2

INTRUSION DETECTION SYSTEMQ2

IDSQ2

ALERTQ2

ALERT CORRELATIONQ2

GRAPHQ2

Abstract

Alert correlation systems attempt to discover the relations among ALERTs produced by one or more INTRUSION detection systems to determine the ATTACK scenarios and their main motivations. In this paper a new IDS ALERT correlation method is proposed that can be used to detect ATTACK scenarios in real-time.The proposed method is based on a causal approach due to the strength of causal methods in practice. To provide a picture of the current intrusive activity on the network, we need a real-time ALERT correlation. Most causal methods can be deployed offline but not in real-time due to time and memory limitations. In the proposed method, the knowledge base of the ATTACK patterns is represented in a GRAPH model called the Causal Relations GRAPH. In the offline mode, we construct Queue trees related to ALERTs' probable correlations. In the real-time mode, for each received ALERT, we can find its correlations with previously received ALERTs by performing a search only in the corresponding tree.Therefore, the processing time of each ALERT decreases significantly. In addition, the proposed method is immune to deliberately slowed ATTACKs. To verify the proposed method, it was implemented and tested using DARPA2000 dataset.Experimental results show the correctness of the proposed ALERT correlation and its efficiency with respect to the running time.

Cites

No record.

References

No record.

Cite

APA: Copy

ZALI, ZEINAB, HASHEMI, MASSOUD REZA, & SAIDI, HOSSEIN. (2012). REAL-TIME INTRUSION DETECTION ALERT CORRELATION AND ATTACK SCENARIO EXTRACTION BASED ON THE PREREQUISITE-CONSEQUENCE APPROACH. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 4(2), 125-136. SID. https://sid.ir/paper/241828/en

Vancouver: Copy

ZALI ZEINAB, HASHEMI MASSOUD REZA, SAIDI HOSSEIN. REAL-TIME INTRUSION DETECTION ALERT CORRELATION AND ATTACK SCENARIO EXTRACTION BASED ON THE PREREQUISITE-CONSEQUENCE APPROACH. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY[Internet]. 2012;4(2):125-136. Available from: https://sid.ir/paper/241828/en

IEEE: Copy

ZEINAB ZALI, MASSOUD REZA HASHEMI, and HOSSEIN SAIDI, “REAL-TIME INTRUSION DETECTION ALERT CORRELATION AND ATTACK SCENARIO EXTRACTION BASED ON THE PREREQUISITE-CONSEQUENCE APPROACH,” THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, vol. 4, no. 2, pp. 125–136, 2012, [Online]. Available: https://sid.ir/paper/241828/en

Related Journal Papers