An effective attack scenario construction model based on identification of attack steps and stages.
A Network Intrusion Detection System is a network security technology for detecting intruder attacks. However, it produces a great amount of low-level alerts which makes the analysis difficult, especially to construct the attack scenarios. Attack scenario construction (ASC) via Alert Correlation is...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Published: |
Springer Science and Business Media Deutschland GmbH
2023
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/105712/ http://dx.doi.org/10.1007/s10207-023-00701-2 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Teknologi Malaysia |
| id |
my.utm.105712 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.1057122024-05-12T06:08:53Z http://eprints.utm.my/105712/ An effective attack scenario construction model based on identification of attack steps and stages. Alhaj, Taqwa Ahmed Md. Siraj, Maheyzah Zainal, Anazida Idris, Inshirah Nazir, Anjum Elhaj, Fatin Darwish, Tasneem T Technology (General) T58.5-58.64 Information technology A Network Intrusion Detection System is a network security technology for detecting intruder attacks. However, it produces a great amount of low-level alerts which makes the analysis difficult, especially to construct the attack scenarios. Attack scenario construction (ASC) via Alert Correlation is important to reveal the strategy of attack in terms of steps and stages that need to be launched to make the attack successful. In most of the existing works, alerts are correlated by classifying the alerts based on the cause-effect relationship. However, the drawback of these works is the identification of false and incomplete correlations due to infiltration of raw alerts. To address this problem, this work proposes an effective ASC model to discover the complete relationship among alerts. The model is successfully experimented using two types of dataset, which are DARPA 2000, and ISCX2012. The Completeness and Soundness of the proposed model are measured to evaluate the overall correlation effectiveness. Springer Science and Business Media Deutschland GmbH 2023-10 Article PeerReviewed Alhaj, Taqwa Ahmed and Md. Siraj, Maheyzah and Zainal, Anazida and Idris, Inshirah and Nazir, Anjum and Elhaj, Fatin and Darwish, Tasneem (2023) An effective attack scenario construction model based on identification of attack steps and stages. International Journal of Information Security, 22 (5). pp. 1481-1496. ISSN 1615-5262 http://dx.doi.org/10.1007/s10207-023-00701-2 DOI: 10.1007/s10207-023-00701-2 |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| topic |
T Technology (General) T58.5-58.64 Information technology |
| spellingShingle |
T Technology (General) T58.5-58.64 Information technology Alhaj, Taqwa Ahmed Md. Siraj, Maheyzah Zainal, Anazida Idris, Inshirah Nazir, Anjum Elhaj, Fatin Darwish, Tasneem An effective attack scenario construction model based on identification of attack steps and stages. |
| description |
A Network Intrusion Detection System is a network security technology for detecting intruder attacks. However, it produces a great amount of low-level alerts which makes the analysis difficult, especially to construct the attack scenarios. Attack scenario construction (ASC) via Alert Correlation is important to reveal the strategy of attack in terms of steps and stages that need to be launched to make the attack successful. In most of the existing works, alerts are correlated by classifying the alerts based on the cause-effect relationship. However, the drawback of these works is the identification of false and incomplete correlations due to infiltration of raw alerts. To address this problem, this work proposes an effective ASC model to discover the complete relationship among alerts. The model is successfully experimented using two types of dataset, which are DARPA 2000, and ISCX2012. The Completeness and Soundness of the proposed model are measured to evaluate the overall correlation effectiveness. |
| format |
Article |
| author |
Alhaj, Taqwa Ahmed Md. Siraj, Maheyzah Zainal, Anazida Idris, Inshirah Nazir, Anjum Elhaj, Fatin Darwish, Tasneem |
| author_facet |
Alhaj, Taqwa Ahmed Md. Siraj, Maheyzah Zainal, Anazida Idris, Inshirah Nazir, Anjum Elhaj, Fatin Darwish, Tasneem |
| author_sort |
Alhaj, Taqwa Ahmed |
| title |
An effective attack scenario construction model based on identification of attack steps and stages. |
| title_short |
An effective attack scenario construction model based on identification of attack steps and stages. |
| title_full |
An effective attack scenario construction model based on identification of attack steps and stages. |
| title_fullStr |
An effective attack scenario construction model based on identification of attack steps and stages. |
| title_full_unstemmed |
An effective attack scenario construction model based on identification of attack steps and stages. |
| title_sort |
effective attack scenario construction model based on identification of attack steps and stages. |
| publisher |
Springer Science and Business Media Deutschland GmbH |
| publishDate |
2023 |
| url |
http://eprints.utm.my/105712/ http://dx.doi.org/10.1007/s10207-023-00701-2 |
| _version_ |
1800082652252864512 |