Frame-based attack representation and real-time first order logic automatic reasoning

Document Type

Conference Proceeding

Publication Date

12-1-2005

Abstract

The Internet has grown by several orders of magnitude in recent years, making network security a major concern. Intrusion Detection Systems (IDSs) are therefore used to detect intrusions in a timely manner and defend against attack attempts. However, current IDS technology generates a huge volume of alert events because of false alarms, and the lack of intelligence in the IDS makes manual alert review costly. Security Information Management (SIM) has emerged as a solution and is a growing area of interest in network security. In this paper, we propose FAR-FAR (Frame-based Attack Representation and First-order logic Automatic Reasoning), a SIM system that relieves the administrator of time-consuming and costly manual alert review. Using backward chaining, FAR-FAR reasons about network attack scenarios in real time. In FAR-FAR, alerts aggregated from different IDS agents are converted into uniform frame-structured streams by Case Grammar; first-order logic production rules are then used to extract the hidden attack scenarios. Our simulation results show that the time FAR-FAR needs to reason about attack scenarios for each incoming alert is generally far shorter than the alerts' inter-arrival time. This guarantees that FAR-FAR can reason about attack plans automatically in real time and predict possible attack attempts at an early stage. © 2005 IEEE.

Identifier

33745726026 (Scopus)

ISBN

0780389328, 9780780389328

Publication Title

ITRE 2005 - 3rd International Conference on Information Technology: Research and Education, Proceedings

First Page

225

Last Page

229

Volume

2005
