An Attack Pattern Framework for Monitoring Enterprise Information Systems
Mohammad Ashiqur Rahaman, Cédric Hébert, Jurgen Frank
2016 IEEE 25th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), published 2016-06-13
DOI: 10.1109/WETICE.2016.46 (https://doi.org/10.1109/WETICE.2016.46)
Indexed by Semantic Scholar; citation count: 6
Intrusion detection systems (IDS) look for digital patterns mainly in network or host traffic. The increasing complexity of today's enterprise information systems (EIS) obliges enterprises to deploy multiple yet isolated IDSs at their IT boundaries, namely in the network (NIDS), on hosts (HIDS), in DMZs and in applications (appIDS). Modern exploits that can disguise themselves may appear innocent from the perspective of an individual IDS, yet their maliciousness could be detected from an end-to-end application perspective. One of the core problems in this regard is the inability to detect such end-to-end targeted attacks, whose functional scope may stretch across IT boundaries. In this paper, we first argue that complex end-to-end intrusions can be detected in real time by analyzing application-level logs originating from various IT boundaries (network, proxy, web server, OS, application, etc.). We propose an attack pattern framework for EIS that enables an appIDS, such as SAP Enterprise Threat Detection (ETD) [1], to perform log analysis simultaneously from multiple sources. The framework includes a reference architecture, and its prototypical implementation can serve as the core engine of an appIDS. It also provides an attack pattern specification language and an associated methodology for managing the attack pattern lifecycle and the appropriate alert mitigation response.