Publication | Closed Access
A realistic graph‐based alert correlation system
36
Citations
19
References
2015
Year
Topics: Engineering, Warning System, Information Security, Network Analysis, Attack Graphs, Data Science, Data Mining, Systems Engineering, Security Diagnostics, Intrusion Detection System, Defense Systems, Threat Detection, Knowledge Discovery, Networked Computer Systems, Computer Science, Graph‐based Attack Description, Attack Graph, Threat Characterization, Automated Security Analysis, Network Science, Intrusion Detection
The paper introduces a graph-based attack description together with analysis methods for alert correlation. The system comprises an attack scenario detection method, an alert correlation method that recognizes multistep attacks, and a graph-based classification method that extracts different alert types. Performance analysis shows that the system can correlate more than 442,000 alerts into dozens of attack graphs, from which several attack properties can be extracted with high precision. © 2015 John Wiley & Sons, Ltd.
Abstract This paper introduces a graph‐based attack description that comes with different analysis methods for alert correlation. The system encompasses an attack scenario detection method, an alert correlation method that recognizes multistep attacks, and a graph‐based classification method to extract different types of alerts. The performance analysis shows that the system can correlate a huge number of alerts (more than 442 000 alerts) into dozens of attack graphs. The attack graph has permitted us to extract several attack properties with high precision. Copyright © 2015 John Wiley & Sons, Ltd.
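The abstract names three pieces (scenario detection, multistep correlation, graph-based classification of alert roles) but, being an abstract, shows none of the mechanics. The following is an added illustration written for this page, not the paper's own code or algorithm: it builds a correlation graph from a handful of constructed IDS-style alerts, treats each weakly connected component as a candidate attack scenario, classifies alerts by their position in the graph, and extracts the longest multistep chain as one "attack property". The two linking rules (same source/destination pair, or the earlier alert's destination becoming the later alert's source, within an assumed 600-second window) and the alert fields are assumptions chosen for the example.

```python
"""Graph-based alert correlation sketch (added example; not the paper's implementation)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    aid: int   # alert id
    ts: int    # timestamp in seconds (relative)
    src: str   # source IP
    dst: str   # destination IP
    sig: str   # IDS signature / alert type


# Constructed sample alerts: a three-host pivot chain (5 -> 20 -> 30 -> external),
# one unrelated scan, and one alert too far in time to be linked to that scan.
ALERTS = [
    Alert(1, 0,    "10.0.0.5",   "10.0.0.20",    "SCAN_PORT_SWEEP"),
    Alert(2, 30,   "10.0.0.5",   "10.0.0.20",    "EXPLOIT_SMB"),
    Alert(3, 90,   "10.0.0.20",  "10.0.0.30",    "SCAN_PORT_SWEEP"),
    Alert(4, 120,  "10.0.0.20",  "10.0.0.30",    "EXPLOIT_SMB"),
    Alert(5, 150,  "10.0.0.30",  "198.51.100.9", "DATA_EXFIL"),
    Alert(6, 40,   "192.0.2.7",  "10.0.0.44",    "SCAN_PORT_SWEEP"),
    Alert(7, 7000, "10.0.0.44",  "10.0.0.45",    "EXPLOIT_SMB"),  # outside window of #6
]

WINDOW = 600  # assumed: max seconds between two alerts for them to be chained


def correlate(alerts, window=WINDOW):
    """Directed edge a -> b when b follows a within the window and either
    both hit the same (src, dst) pair or a's destination is b's source (pivot)."""
    edges = defaultdict(set)
    ordered = sorted(alerts, key=lambda a: a.ts)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.ts - a.ts > window:
                break  # list is time-sorted, nothing later can qualify
            if (a.src, a.dst) == (b.src, b.dst) or a.dst == b.src:
                edges[a.aid].add(b.aid)
    return dict(edges)


def components(alerts, edges):
    """Weakly connected components = candidate attack scenarios (one graph each)."""
    undirected = defaultdict(set)
    for a, targets in edges.items():
        for b in targets:
            undirected[a].add(b)
            undirected[b].add(a)
    seen, comps = set(), []
    for start in sorted(x.aid for x in alerts):
        if start in seen:
            continue
        comp, queue = [], deque([start])
        seen.add(start)
        while queue:
            n = queue.popleft()
            comp.append(n)
            for m in undirected[n]:
                if m not in seen:
                    seen.add(m)
                    queue.append(m)
        comps.append(sorted(comp))
    return comps


def roles(alerts, edges):
    """Classify each alert by graph position: entry, intermediate, terminal, isolated."""
    indeg = defaultdict(int)
    for targets in edges.values():
        for b in targets:
            indeg[b] += 1
    out = {}
    for a in alerts:
        i, o = indeg[a.aid], len(edges.get(a.aid, ()))
        out[a.aid] = ("isolated" if i == 0 and o == 0 else
                      "entry" if i == 0 else
                      "terminal" if o == 0 else "intermediate")
    return out


def longest_chain(alerts, edges, comp):
    """Signature sequence along the longest path in one component. Edges only point
    forward in time, so the graph is a DAG and memoised DFS is safe."""
    by_id = {a.aid: a for a in alerts}
    comp_set, memo = set(comp), {}

    def best(n):
        if n not in memo:
            paths = [best(m) for m in edges.get(n, ()) if m in comp_set]
            memo[n] = [n] + (max(paths, key=len) if paths else [])
        return memo[n]

    top = max((best(n) for n in comp), key=len)
    return [by_id[n].sig for n in top]


if __name__ == "__main__":
    g = correlate(ALERTS)
    for comp in components(ALERTS, g):
        print(comp, longest_chain(ALERTS, g, comp))
    print(roles(ALERTS, g))
```

Alert 7 shares a host with alert 6 but falls outside the window, so it stays an isolated node rather than extending that scenario; tuning that window is exactly the kind of knob that trades false merges against missed multistep attacks in a real deployment.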