Scenario based threat detection and attack analysis

Abstract

This paper targets two essential issues in intrusion detection system designs: the optimization of rule selection and the attack discovery in attack analysis. A scenario-based approach is proposed to correlate malicious packets and to intelligently select intrusion detection rules to fire. We propose algorithms for rule selection and attack scenario identification. Potential threats and their relationship for a gateway and Web-server applications are explored as an example in the study. The proposed algorithms are implemented over Snort, a signature-based intrusion detection system, for which we have some encouraging performance evaluation results.