{"title":"A Cloud Immune Security Model Based on Alert Correlation and Software Defined Network","authors":"R. Melo, D. D. J. D. Macedo","doi":"10.1109/WETICE.2019.00019","DOIUrl":null,"url":null,"abstract":"In this paper, we explore the AIS approach to develop an agent-based detection method to analyze network traffic. The system works in conjunction with attack graph based correlation and software-defined network (SDN) technology to mitigate attacks. In the correlation technique, alerts are correlated through an attack graph which improves detection performance by decreasing the false alert rate. The false alert reduction can avoid the negative effect that an SDN countermeasure can bring to the cloud Service Level Agreement (SLA) on the absence of threats. This work was tested for multi-step and distributed denial of service (DDoS) attacks. Results have shown the addition of the correlation technique can aid to the detection performance of AIS detection systems.","PeriodicalId":116875,"journal":{"name":"2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE.2019.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Cloud Immune Security Model Based on Alert Correlation and Software Defined Network
In this paper, we explore the artificial immune system (AIS) approach to develop an agent-based detection method to analyze network traffic. The system works in conjunction with attack-graph-based correlation and software-defined network (SDN) technology to mitigate attacks. In the correlation technique, alerts are correlated through an attack graph, which improves detection performance by decreasing the false alert rate. The false alert reduction can avoid the negative effect that an SDN countermeasure can have on the cloud Service Level Agreement (SLA) in the absence of threats. This work was tested for multi-step and distributed denial of service (DDoS) attacks. Results have shown that the addition of the correlation technique can aid the detection performance of AIS detection systems.