
Extracting Attack Scenarios Using Intrusion Semantics

Conference paper: Foundations and Practice of Security (FPS 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7743)


Abstract

Building the attack scenario is the first step in understanding an attack and extracting useful attack intelligence. Existing attack scenario reconstruction approaches, however, suffer from several limitations that weaken the elicitation of attack scenarios and decrease the quality of the scenarios they generate. In this paper, we discuss the limitations of existing attack scenario reconstruction approaches and propose a novel hybrid approach that combines semantic analysis with an intrusion ontology. Our approach can reconstruct both known and unknown attack scenarios and correlate alerts generated in a multi-sensor IDS environment. Our experimental results show the potential of the approach and its advantages over previous approaches.



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Saad, S., Traore, I. (2013). Extracting Attack Scenarios Using Intrusion Semantics. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds) Foundations and Practice of Security. FPS 2012. Lecture Notes in Computer Science, vol 7743. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37119-6_18


  • DOI: https://doi.org/10.1007/978-3-642-37119-6_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37118-9

  • Online ISBN: 978-3-642-37119-6

  • eBook Packages: Computer Science, Computer Science (R0)
