Wei-xin LIU, Kang-feng ZHENG, Bin WU, et al. Alert processing based on attack graph and multi-source analyzing[J]. Journal on Communications, 2015, 36(9): 135-144. DOI: 10.11959/j.issn.1000-436x.2015193.
Alert processing based on attack graph and multi-source analyzing
Existing attack graph-based alert correlation does not handle the graph relations between alerts properly, and a large number of redundant attack paths can arise when it tries to find missing alerts and predict future attacks. A multi-source alert analyzing method is proposed that fully uses the graph relations together with a threshold to correlate mapped alerts, reducing both the false positive rate and the false negative rate. To speed up the algorithm, a parallel alert processing system (AG-PAP) is proposed. AG-PAP was tested in a distributed environment and achieved satisfactory effectiveness and performance.
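As an added illustration (not the paper's AG-PAP code, and not taken from this page), the following Python sketch shows the general attack-graph correlation scheme the abstract describes: IDS alerts are mapped onto attack-graph nodes, two alerts are linked when a sufficiently likely path joins their nodes on linked hosts, nodes skipped on that path become hypothesized missing alerts, and the successors of the last confirmed step are the predicted next attacks. The threshold prunes low-likelihood paths, which is what bounds the number of candidate attack paths. The attack graph, edge likelihoods, signature-to-node mapping, host-linkage rule and alert stream are all constructed assumptions; the paper's own graph model and threshold definition are not given on this page.

```python
"""Attack-graph-based alert correlation with a likelihood threshold.
Added illustration; not the paper's AG-PAP implementation. Every data
structure below (graph, weights, signature mapping, alerts) is constructed."""

# Constructed attack graph: node -> {successor: assumed likelihood of that step}.
ATTACK_GRAPH = {
    "recon_web":      {"exploit_web": 0.9},
    "exploit_web":    {"local_priv_esc": 0.8, "pivot_db": 0.3},
    "local_priv_esc": {"pivot_db": 0.9},
    "pivot_db":       {"exfil_db": 0.9},
    "exfil_db":       {},
}

# Constructed mapping from IDS signature id to attack-graph node.
SIG_TO_NODE = {
    "SIG-1001": "recon_web",
    "SIG-2044": "exploit_web",
    "SIG-3010": "local_priv_esc",
    "SIG-4100": "pivot_db",
    "SIG-5000": "exfil_db",
}

# Constructed alert stream: (time, signature id, source host, destination host).
ALERTS = [
    (1, "SIG-1001", "10.0.0.5", "10.0.1.10"),
    (2, "SIG-9999", "10.0.0.5", "10.0.1.10"),   # no graph node: treated as noise
    (3, "SIG-2044", "10.0.0.5", "10.0.1.10"),
    (5, "SIG-4100", "10.0.1.10", "10.0.2.20"),  # priv-esc on 10.0.1.10 was never alerted
    (7, "SIG-1001", "10.0.9.9", "10.0.1.11"),   # unrelated scan from another host
]


def map_alerts(alerts, sig_to_node=SIG_TO_NODE):
    """Attach the attack-graph node to each alert, dropping alerts with no mapping."""
    mapped = []
    for t, sig, src, dst in sorted(alerts):
        node = sig_to_node.get(sig)
        if node is not None:
            mapped.append({"time": t, "sig": sig, "src": src, "dst": dst, "node": node})
    return mapped


def best_path(graph, src, dst):
    """Most likely path src -> dst as (weight, [intermediate nodes]), weight being the
    product of edge likelihoods; (0.0, []) if unreachable. The graph is a DAG, so a
    plain depth-first enumeration terminates."""
    best = (0.0, [])

    def dfs(node, weight, visited):
        nonlocal best
        for nxt, w in graph.get(node, {}).items():
            if nxt == dst:
                if weight * w > best[0]:
                    best = (weight * w, visited[1:])   # visited[0] is src itself
            else:
                dfs(nxt, weight * w, visited + [nxt])

    dfs(src, 1.0, [src])
    return best


def hosts_linked(earlier, later):
    """Assumed rule: the later step comes from a host the earlier step touched,
    or hits the same target."""
    return later["src"] in (earlier["src"], earlier["dst"]) or later["dst"] == earlier["dst"]


def correlate(mapped, graph=ATTACK_GRAPH, threshold=0.5):
    """Group mapped alerts into scenarios. An alert joins the most recent scenario whose
    last step reaches its node by a path of weight >= threshold on linked hosts; otherwise
    it starts a new scenario. Nodes skipped on the chosen path are hypothesized missing
    alerts. Paths below the threshold are never considered, which prunes redundant paths."""
    scenarios = []
    for alert in mapped:
        for sc in reversed(scenarios):
            last = sc["steps"][-1]
            weight, missing = best_path(graph, last["node"], alert["node"])
            if weight >= threshold and hosts_linked(last, alert):
                sc["steps"].append(alert)
                sc["missing"].extend(missing)
                break
        else:
            scenarios.append({"steps": [alert], "missing": []})
    return scenarios


def predict_next(scenario, graph=ATTACK_GRAPH, threshold=0.5):
    """Successors of the last confirmed step whose edge likelihood meets the threshold."""
    last = scenario["steps"][-1]["node"]
    return sorted(n for n, w in graph.get(last, {}).items() if w >= threshold)


def summarize(alerts=ALERTS, threshold=0.5):
    """One summary per scenario: observed node sequence, hypothesized missing steps, predictions."""
    return [
        {"nodes": [s["node"] for s in sc["steps"]],
         "missing": sc["missing"],
         "predicted": predict_next(sc, threshold=threshold)}
        for sc in correlate(map_alerts(alerts), threshold=threshold)
    ]


if __name__ == "__main__":
    for scenario in summarize():
        print(scenario)
```

With the default threshold of 0.5 the first four mapped alerts collapse into one scenario, the unobserved privilege-escalation step is reported as a missing alert, and data exfiltration is predicted as the next step; raising the threshold to 0.8 splits the same stream into three scenarios, showing how the threshold trades path coverage against the number of candidate scenarios.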
References
VALEUR F, VIGNA G, KRUEGEL C, et al. A comprehensive approach to intrusion detection alert correlation[J]. IEEE Transactions on Dependable and Secure Computing, 2004, 1(3): 146-169.
ROSCHKE S, CHENG F, MEINEL C. An alert correlation platform for memory-supported techniques[J]. Concurrency and Computation: Practice & Experience, 2012, 24(10): 1123-1136.
MEI H B, GONG J, ZHANG M H. Research on discovering multi-step attack patterns based on clustering IDS alert sequences[J]. Journal on Communications, 2011, 32(5): 63-69.
ROSCHKE S, CHENG F, MEINEL C. Using vulnerability information and attack graphs for intrusion detection[A]. 2010 Sixth International Conference on Information Assurance and Security (IAS)[C]. IEEE, 2010: 68-73.
NOEL S, JAJODIA S. Advanced vulnerability analysis and intrusion detection through predictive attack graphs[A]. Critical Issues in C4I, Armed Forces Communications and Electronics Association (AFCEA) Solutions Series, International Journal of Command and Control[C]. 2009.
JAJODIA S, NOEL S. Topological vulnerability analysis[M]. Springer, 2010: 139-154.
OU X, BOYER W, MCQUEEN M. A scalable approach to attack graph generation[A]. ACM[C]. 2006: 336-345.
GONZALEZ J E, LOW Y, GU H, et al. PowerGraph: distributed graph-parallel computation on natural graphs[A]. OSDI[C]. 2012, 12(1): 2.
WANG L, LIU A, JAJODIA S. Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts[J]. Computer Communications, 2006, 29(15): 2917-2933.
AHMADINEJAD S H, JALILI S, ABADI M. A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs[J]. Computer Networks, 2011, 55(9): 2221-2240.
ROSCHKE S, CHENG F, MEINEL C. High-quality attack graph-based IDS correlation[J]. Logic Journal of the IGPL, 2013, 21(4): 571-591.
ROSCHKE S, CHENG F, MEINEL C. A new alert correlation algorithm based on attack graph[J]. Computational Intelligence in Security for Information Systems, 2011, 6694: 58-67.
DEAN J, GHEMAWAT S. MapReduce[J]. Communications of the ACM, 2008, 51(1): 107.
LOW Y, BICKSON D, GONZALEZ J, et al. Distributed GraphLab: a framework for machine learning and data mining in the cloud[J]. Proceedings of the VLDB Endowment, 2012, 5(8): 716-727.
MALEWICZ G, AUSTERN M H, BIK A J C, et al. Pregel: a system for large-scale graph processing[A]. Proceedings of the 2010 ACM SIGMOD International Conference on Management of Data[C]. 2010.
LI K, GIBSON C, HO D, et al. Assessment of machine learning algorithms in cloud computing frameworks[Z]. IEEE, 2013: 98-103.
GUO Y, BICZAK M, VARBANESCU A L, et al. Towards benchmarking graph-processing platforms[A]. The International Conference for High Performance Computing, Networking, Storage and Analysis[C]. 2013.
CHING A, KUNZ C. Giraph: large-scale graph processing infrastructure on Hadoop[J]. Hadoop Summit, 2011, 29(6).
LOW Y, GONZALEZ J, KYROLA A, et al. GraphLab: a new parallel framework for machine learning[A]. UAI[C]. 2010: 340-349.
OU X, GOVINDAVAJHALA S, APPEL A W. MulVAL: a logic-based network security analyzer[A]. 14th USENIX Security Symposium[C]. 2005: 1-16.
LOW Y. GraphLab: A Distributed Abstraction for Large Scale Machine Learning[D]. University of California, 2013.