Towards Better Attack Path Visualizations Based on Deep Normalization of Host/Network IDS Alerts

Authors: Amir Azodi, Feng Cheng, C. Meinel
Published in: 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA)
Publication date: 2016-03-23
DOI: 10.1109/AINA.2016.129 (https://doi.org/10.1109/AINA.2016.129)
Citation count: 8
Abstract: Mitigation techniques employed by attackers have meant that traditional Network Intrusion Detection Systems (NIDS) are no longer able to reliably protect a network in the face of ever more sophisticated attacks. Security Information and Event Management (SIEM) systems monitor network systems by analyzing the logs they produce. In this paper, we propose a method of visualizing attacks by aggregating, normalizing and analyzing alerts raised by SIEM-based IDS (SIDS) systems as well as NIDS systems in real time. We present the results of our proposed visualization technique when applied to different attack scenarios. In many cases, our approach allows the path an attacker takes during their attack to be visualized.