Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks

Research output: Contribution to conferencePaperpeer-review

10 Scopus citations

Abstract

The increasing use of Intrusion Detection System and a relatively high false alarm rate can lead to a huge volume of alerts. This makes it very difficult for security administrators to analyze and detect network attacks. Our solution for this problem is to make the alerts machine understandable. In this paper, we propose a novel way to convert the raw alerts into machine understandable uniform streams, correlate the streams, and extract the attack scenario knowledge. The modified case grammar Principal-subordinate Consequence Tagging Case Grammar and the 2-Atom Alert Semantic Network are used to generate the attack scenario classes. Alert mutual information is also applied to calculate the alert semantic context window size. Based on the alert context, the attack scenario instances are extracted and the attack scenario descriptions are forwarded to the security administrator.

Original languageEnglish (US)
Pages110-117
Number of pages8
StatePublished - 2004
EventProceedings - 29th Annual IEEE International Conference on Local Computer Networks, LCN 2004 - Tampa, FL, United States
Duration: Nov 16 2004Nov 18 2004

Other

OtherProceedings - 29th Annual IEEE International Conference on Local Computer Networks, LCN 2004
CountryUnited States
CityTampa, FL
Period11/16/0411/18/04

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Fingerprint Dive into the research topics of 'Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks'. Together they form a unique fingerprint.

Cite this