Frame-based attack representation and real-time first order logic automatic reasoning

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Internet has grown by several orders of magnitude in recent years, prompting network security as a great concern. Hence, Intrusion Detection Systems (IDSs) are used to timely detect intrusions and defend against attack attempts. However, the current IDS technology generates a huge volume of alert events due to false alarm alerts, and requires costly alert manual reviewing due to the lack of intelligence in IDS. As a solution, Security Information Management (SIM) is a growing area of interest in network security. In this paper, we propose FAR-FAR (Frame-based Attack Representation and First-order logic Automatic Reasoning) system in SIM to relieve the administrator from the time-consuming and costly alert manual reviewing. With the backward-chaining, FAR-FAR can make real-time reasoning for network attack scenarios. In FAR-FAR, the aggregated alerts from different IDS agents are converted into uniform frame-structured streams by Case Grammar. Afterwards, First-order logic production rules are used to extract the hidden attack scenarios. Our simulation results show that FAR-FAR's attack scenario reasoning rate for the incoming alerts are generally far less than the incoming alerts' inter-arrival time. This guarantees FAR-FAR to automatically reason the attack plans in real time and predict possible attack attempts at an early stage.

Original languageEnglish (US)
Title of host publicationITRE 2005 - 3rd International Conference on Information Technology
Subtitle of host publicationResearch and Education - Proceedings
Pages225-229
Number of pages5
StatePublished - 2005
EventITRE 2005 - 3rd International Conference on Information Technology: Research and Education - Hsinchu, Taiwan, Province of China
Duration: Jun 27 2005Jun 30 2005

Publication series

NameITRE 2005 - 3rd International Conference on Information Technology: Research and Education - Proceedings
Volume2005

Other

OtherITRE 2005 - 3rd International Conference on Information Technology: Research and Education
CountryTaiwan, Province of China
CityHsinchu
Period6/27/056/30/05

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Keywords

  • Attack Scenario
  • First-order Logic
  • IDS
  • Network Security

Fingerprint Dive into the research topics of 'Frame-based attack representation and real-time first order logic automatic reasoning'. Together they form a unique fingerprint.

Cite this