Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks

W. Yan, E. Hou, N. Ansari
DOI: 10.1109/LCN.2004.57 (https://doi.org/10.1109/LCN.2004.57)
Venue: 29th Annual IEEE International Conference on Local Computer Networks
Published: 2004-11-16
Record source: Semantic Scholar
Citations: 10

Abstract

Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks
The increasing use of intrusion detection systems and a relatively high false alarm rate can lead to a huge volume of alerts. This makes it very difficult for security administrators to analyze and detect network attacks. Our solution for this problem is to make the alerts machine-understandable. We propose a novel way to convert the raw alerts into machine-understandable uniform streams, correlate the streams, and extract the attack scenario knowledge. The modified case grammar, principal-subordinate consequence tagging case grammar, and the 2-atom alert semantic network are used to generate the attack scenario classes. Alert mutual information is also applied to calculate the alert semantic context window size. Based on the alert context, the attack scenario instances are extracted and the attack scenario descriptions are forwarded to the security administrator.