{"title":"语义链接网络中的上下文注入检测网络攻击:一种基于流的检测方法","authors":"Ahmed Aleroud, George Karabatis","doi":"10.1109/ICSC.2014.29","DOIUrl":null,"url":null,"abstract":"Detection of cyber-attacks is a major responsibility for network managers and security specialists. Most existing Network Intrusion Detection systems rely on inspecting individual packets, an increasingly resource consuming task in today's high speed networks due to the overhead associated with accessing packet content. An alternative approach is to detect attack patterns by investigating IP flows. Since analyzing raw data extracted from IP flows lacks the semantic information needed to discover attacks, a novel approach is introduced that utilizes contextual information to semantically reveal cyber-attacks from IP flows. Time, location, and other contextual information mined from network flow data is utilized to create semantic links among alerts raised in response to suspicious flows. The semantic links are identified through an inference process on probabilistic semantic link networks (SLNs). The resulting links are used at run-time to retrieve relevant suspicious activities that represent possible steps in multi-step attacks.","PeriodicalId":175352,"journal":{"name":"2014 IEEE International Conference on Semantic Computing","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Context Infusion in Semantic Link Networks to Detect Cyber-attacks: A Flow-Based Detection Approach\",\"authors\":\"Ahmed Aleroud, George Karabatis\",\"doi\":\"10.1109/ICSC.2014.29\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Detection of cyber-attacks is a major responsibility for network managers and security specialists. Most existing Network Intrusion Detection systems rely on inspecting individual packets, an increasingly resource consuming task in today's high speed networks due to the overhead associated with accessing packet content. An alternative approach is to detect attack patterns by investigating IP flows. Since analyzing raw data extracted from IP flows lacks the semantic information needed to discover attacks, a novel approach is introduced that utilizes contextual information to semantically reveal cyber-attacks from IP flows. Time, location, and other contextual information mined from network flow data is utilized to create semantic links among alerts raised in response to suspicious flows. The semantic links are identified through an inference process on probabilistic semantic link networks (SLNs). The resulting links are used at run-time to retrieve relevant suspicious activities that represent possible steps in multi-step attacks.\",\"PeriodicalId\":175352,\"journal\":{\"name\":\"2014 IEEE International Conference on Semantic Computing\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-06-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE International Conference on Semantic Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSC.2014.29\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE International Conference on Semantic Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSC.2014.29","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Context Infusion in Semantic Link Networks to Detect Cyber-attacks: A Flow-Based Detection Approach
Detection of cyber-attacks is a major responsibility for network managers and security specialists. Most existing Network Intrusion Detection systems rely on inspecting individual packets, an increasingly resource consuming task in today's high speed networks due to the overhead associated with accessing packet content. An alternative approach is to detect attack patterns by investigating IP flows. Since analyzing raw data extracted from IP flows lacks the semantic information needed to discover attacks, a novel approach is introduced that utilizes contextual information to semantically reveal cyber-attacks from IP flows. Time, location, and other contextual information mined from network flow data is utilized to create semantic links among alerts raised in response to suspicious flows. The semantic links are identified through an inference process on probabilistic semantic link networks (SLNs). The resulting links are used at run-time to retrieve relevant suspicious activities that represent possible steps in multi-step attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
