Abstract
The increasing use of Intrusion Detection Systems gives rise to a huge volume of alert logs, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a four-layer semantic scheme designed to allow inferring attack scenarios and enabling attack semantic queries. The modified case grammar, PCTCG, is used to convert the raw alerts into machine-understandable uniform alert streams. The 2-Atom Alert Semantic Network, 2-AASN, is used to generate attack scenario classes. Afterwards, based on the alert context, attack scenario instances are extracted, and the results of attack semantic queries over those attack scenario instances, computed with the spreading activation technique, are forwarded to the security administrator.
| Field | Value |
|---|---|
| Original language | English (US) |
| Article number | NG08-2 |
| Pages (from-to) | 1512-1517 |
| Number of pages | 6 |
| Journal | IEEE International Conference on Communications |
| Volume | 3 |
| State | Published - 2005 |
| Event | 2005 IEEE International Conference on Communications, ICC 2005 - Seoul, Korea, Republic of; Duration: May 16 2005 → May 20 2005 |
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Electrical and Electronic Engineering