Semantic scheme to extract attack strategies for Web service network security

2004 IEEE International Workshop on IP Operations and Management Pub Date : 2004-10-11 DOI:10.1109/IPOM.2004.1547600

W. Yan, Fang Liu

{"title":"Semantic scheme to extract attack strategies for Web service network security","authors":"W. Yan, Fang Liu","doi":"10.1109/IPOM.2004.1547600","DOIUrl":null,"url":null,"abstract":"In the recent years, Web technologies have been used to provide an interface to the distributed services. The advent of the computer networks has accelerated this development, and has sparked the emergence of the numerous environments that enable Web services. However, the computer network security against the distributed denial of service attacks (DDoS) attacks attracts more attentions. The overwhelming alerts generated by the intrusion detection systems make it hard for the security administrator to analyze and extract the attack strategies, which hampers the performance of the attack detection. One method to resolve the problem is the attack scenarios extraction. In this paper, we propose a novel way to correlate the alerts and extract the attack scenarios. The modified case grammar, principal-subordinate consequence tagging case grammar and the alert semantic network, are used to generate the attack classes. Alerts mutual information is also applied to calculate the alert semantic context window size. Afterwards, based on the alert context, the attack instances are extracted.","PeriodicalId":197627,"journal":{"name":"2004 IEEE International Workshop on IP Operations and Management","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2004 IEEE International Workshop on IP Operations and Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IPOM.2004.1547600","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

In the recent years, Web technologies have been used to provide an interface to the distributed services. The advent of the computer networks has accelerated this development, and has sparked the emergence of the numerous environments that enable Web services. However, the computer network security against the distributed denial of service attacks (DDoS) attacks attracts more attentions. The overwhelming alerts generated by the intrusion detection systems make it hard for the security administrator to analyze and extract the attack strategies, which hampers the performance of the attack detection. One method to resolve the problem is the attack scenarios extraction. In this paper, we propose a novel way to correlate the alerts and extract the attack scenarios. The modified case grammar, principal-subordinate consequence tagging case grammar and the alert semantic network, are used to generate the attack classes. Alerts mutual information is also applied to calculate the alert semantic context window size. Afterwards, based on the alert context, the attack instances are extracted.

查看原文本刊更多论文

语义方案提取Web服务网络安全攻击策略

近年来，Web技术已被用于为分布式服务提供接口。计算机网络的出现加速了这一发展，并引发了支持Web服务的众多环境的出现。然而，针对分布式拒绝服务攻击(DDoS)的计算机网络安全问题越来越受到人们的关注。入侵检测系统产生的海量告警给安全管理员分析和提取攻击策略带来了困难，影响了攻击检测的性能。解决这一问题的方法之一是攻击场景提取。在本文中，我们提出了一种新的方法来关联警报和提取攻击场景。采用改进的格语法、主从推理标注格语法和预警语义网络生成攻击类。同时利用警报互信息计算警报语义上下文窗口大小。然后，根据警报上下文提取攻击实例。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2004 IEEE International Workshop on IP Operations and Management

自引率

0.00%

发文量