Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks
Document Type: Conference Proceeding
Publication Date: 12-1-2004
Abstract
The increasing use of Intrusion Detection Systems, together with their relatively high false alarm rates, can lead to a huge volume of alerts. This makes it very difficult for security administrators to analyze and detect network attacks. Our solution to this problem is to make the alerts machine-understandable. In this paper, we propose a novel way to convert the raw alerts into machine-understandable uniform streams, correlate the streams, and extract the attack scenario knowledge. The modified case grammar, Principal-subordinate Consequence Tagging Case Grammar, and the 2-Atom Alert Semantic Network are used to generate the attack scenario classes. Alert mutual information is also applied to calculate the alert semantic context window size. Based on the alert context, the attack scenario instances are extracted and the attack scenario descriptions are forwarded to the security administrator. © 2004 IEEE.
Identifier: 20544433820 (Scopus)
Publication Title: Proceedings Conference on Local Computer Networks LCN
First Page: 110
Last Page: 117
Recommended Citation
Yan, Wei; Hou, Edwin; and Ansari, Nirwan, "Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks" (2004). Faculty Publications. 20049.
https://digitalcommons.njit.edu/fac_pubs/20049
