Extracting and querying network attack scenarios knowledge in IDS using PCTCG and alert semantic networks

Research output: Contribution to journal › Conference article › peer-review

3 Scopus citations

Abstract

The increasing use of Intrusion Detection Systems gives rise to a huge volume of alert logs, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a four-layer semantic scheme designed to allow inferring attack scenarios and to enable attack semantic queries. The modified case grammar, PCTCG, is used to convert the raw alerts into machine-understandable uniform alert streams. The 2-Atom Alert Semantic Network (2-AASN) is used to generate attack scenario classes. Afterwards, based on the alert context, attack scenario instances are extracted, and the results of attack semantic queries over those instances, computed with the spreading activation technique, are forwarded to the security administrator.

Original language: English (US)
Article number: NG08-2
Pages (from-to): 1512-1517
Number of pages: 6
Journal: IEEE International Conference on Communications
Volume: 3
State: Published - 2005
Event: 2005 IEEE International Conference on Communications, ICC 2005 - Seoul, Korea, Republic of
Duration: May 16, 2005 to May 20, 2005

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
