Extracting and querying network attack scenarios knowledge in IDS using PCTCG and alert semantic networks
Document Type
Conference Proceeding
Publication Date
9-12-2005
Abstract
The increasing use of Intrusion Detection Systems gives rise to a huge volume of alert logs, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a four-layer semantic scheme designed to allow inferring attack scenarios and to enable attack semantic queries. A modified case grammar, PCTCG, is used to convert raw alerts into machine-understandable uniform alert streams. The 2-Atom Alert Semantic Network (2-AASN) is used to generate attack scenario classes. Afterwards, based on the alert context, attack scenario instances are extracted, and the results of attack semantic queries over those instances, computed with a spreading activation technique, are forwarded to the security administrator. © 2005 IEEE.
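The abstract names spreading activation as the query mechanism over the alert semantic network. The following is an added illustration of that generic technique on a small, constructed network of normalised alert types; it is not code from the paper, and the node names, edge weights, decay factor and threshold are all assumptions chosen for the example. The paper's own PCTCG normalisation layer and 2-AASN construction are not reproduced here.

```python
from collections import defaultdict

# Constructed toy alert semantic network (assumption: illustrative only, not the
# paper's 2-AASN). Each edge weight expresses how strongly one normalised alert
# type is associated with another within an attack scenario.
SAMPLE_EDGES = [
    ("port_scan", "ssh_brute_force", 0.8),
    ("ssh_brute_force", "privilege_escalation", 0.7),
    ("privilege_escalation", "data_exfiltration", 0.6),
    ("port_scan", "web_scan", 0.5),
    ("web_scan", "sql_injection", 0.7),
]


def build_network(edges):
    """Undirected weighted adjacency list keyed by alert type."""
    net = defaultdict(list)
    for a, b, w in edges:
        net[a].append((b, w))
        net[b].append((a, w))
    return dict(net)


def spread_activation(net, seeds, decay=0.5, threshold=0.05, max_iters=10):
    """Classic spreading activation over the network.

    Seed nodes start with activation 1.0. In each round, every node in the
    frontier that has not fired yet and sits above `threshold` fires once,
    passing (its activation * edge weight * decay) to neighbours that have
    not fired. Nodes that never reach `threshold` never fire, so activation
    fades out with distance from the query. Returns the activation map.
    """
    activation = {node: 0.0 for node in net}
    for s in seeds:
        activation[s] = 1.0
    fired = set()
    frontier = set(seeds)
    for _ in range(max_iters):
        next_frontier = set()
        for node in frontier:
            if node in fired or activation[node] < threshold:
                continue
            fired.add(node)
            for neigh, weight in net[node]:
                if neigh in fired:
                    continue  # no echo back into nodes that already fired
                activation[neigh] += activation[node] * weight * decay
                next_frontier.add(neigh)
        if not next_frontier:
            break
        frontier = next_frontier
    return activation


def related_alerts(net, seed, **kw):
    """Semantic query: rank alert types most strongly linked to `seed`,
    dropping the seed itself and anything below the firing threshold."""
    act = spread_activation(net, [seed], **kw)
    threshold = kw.get("threshold", 0.05)
    ranked = [(n, round(a, 4)) for n, a in act.items()
              if n != seed and a >= threshold]
    return sorted(ranked, key=lambda x: -x[1])


NET = build_network(SAMPLE_EDGES)

if __name__ == "__main__":
    for alert, score in related_alerts(NET, "port_scan"):
        print(f"{alert:22s} {score:.4f}")
```

With the constructed weights, a query for `port_scan` ranks `ssh_brute_force` (0.4) and `web_scan` (0.25) first, then `privilege_escalation` (0.14) and `sql_injection` (0.0875); `data_exfiltration` receives 0.042, falls below the 0.05 threshold and is not reported. Lowering `threshold` lets activation travel one hop further, which is the knob an administrator would tune to trade recall for noise.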
Identifier
24144468632 (Scopus)
Publication Title
IEEE International Conference on Communications
ISSN
05361486
First Page
1512
Last Page
1517
Volume
3
Recommended Citation
Yan, Wei; Hou, Edwin; and Ansari, Nirwan, "Extracting and querying network attack scenarios knowledge in IDS using PCTCG and alert semantic networks" (2005). Faculty Publications. 19570.
https://digitalcommons.njit.edu/fac_pubs/19570
