Recognizing multistage cyber attacks via CPN approach

Yi Ming Chen, Hsing Kuo Wong, Mei Chun Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-reviewed

Abstract

With the rapid growth of Internet applications, the number of cyber attacks has increased drastically, presenting challenges to network administrators. One of these challenges is that Internet hackers usually take multiple actions to achieve their malicious objectives, thereby blurring their intention by triggering several seemingly unrelated alerts during the same attack scenario. As a result, whether to gain enough time to take appropriate action or to reduce the number of alerts by correlating them, administrators naturally want a quick way to recognize multistage attacks. To address this need, this paper presents a novel Colored Petri Net (CPN) based approach for administrators to correlate the alerts generated by intrusion detection systems and identify whether or not a multistage attack occurs. With this approach, we developed a CPN model to represent cyber attacks and implemented a prototype system to validate the effectiveness of our approach. We took the DARPA/Lincoln Laboratory 2000 datasets as experiment inputs; the results showed that the CPN approach could recognize multistage attacks, such as the sadmind attack, from these alert datasets, while having a simpler modeling representation and a friendlier user interface than alternative approaches.

Original language: English
Title of host publication: WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings
Pages: 1-6
Number of pages: 6
Publication status: Published - 2005
Event: 9th World Multi-Conference on Systemics, Cybernetics and Informatics, WMSCI 2005 - Orlando, FL, United States
Duration: 10 Jul 2005 → 13 Jul 2005

Publication series

Name: WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings
5

Conference

Conference: 9th World Multi-Conference on Systemics, Cybernetics and Informatics, WMSCI 2005
Country/Territory: United States
City: Orlando, FL
Period: 10/07/05 → 13/07/05
