Open Access
A Bayesian network-based approach for learning attack strategies from intrusion alerts
Author(s) - Kavousi Fatemeh, Akbari Behzad
Publication year - 2014
Publication title - Security and Communication Networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.786
Subject(s) - computer science , intrusion detection system , data mining , redundancy (engineering) , component (thermodynamics) , machine learning , bayesian network , naive bayes classifier , artificial intelligence , computer security , support vector machine , physics , operating system , thermodynamics
The tremendous number of low-level alerts reported by information security systems clearly reflects the need for an advanced alert correlation system to reduce alert redundancy, correlate security alerts, detect attack strategies, and take appropriate actions against upcoming attacks. Up to now, a variety of alert correlation methods have been suggested. However, most of them rely on a priori, hard-coded domain expert knowledge, which makes them difficult to implement and limits their ability to detect new attack strategies. To overcome the drawbacks of these approaches, recent research in alert correlation has moved towards extracting attack strategies through automatic analysis of intrusion alerts. In line with this recent research, in this paper we present new algorithms to automatically mine attack behavior patterns from historical alerts as accurately and efficiently as possible. Our system is composed of two main components. The first, offline component automatically generates correlation rules by analyzing previously observed alerts using a Bayesian causality analysis mechanism. Then, in the online alert correlation component, alerts are correlated using a hierarchical scheme based on the extracted rules. Our experimental results clearly show the efficiency of the proposed method in learning new attack strategies. Copyright © 2013 John Wiley & Sons, Ltd.