Attack modeling using colored petri net and alerts correlation algorithms design |
| |
Authors: | DU Jian-jun, WU Zhong-fu and CHEN Ming |
| |
Institution: | College of Computer Science and Engineering, Chongqing University, Chongqing 400044, P. R. China |
| |
Abstract: | To improve the alert quality and prediction capability of traditional intrusion detection systems (IDS), advanced alerts correlation algorithms are proposed, based on attack scenario modeling using colored Petri nets (CPN). The current analysis approach, information filtering, is upgraded to logical deduction over messages by reasoning under the model. The alert and the attack are converted to two different parameters for computation. By transforming the CPN model and calculating the minimal covering set, algorithms for multi-step attacks and cooperative attacks are designed. An experimental alerts correlation analysis system (ACAS) is implemented. The experimental results indicate that these algorithms can be applied to effectively improve the alert quality and prediction ability of IDS. |
| |
Keywords: | intrusion detection petri net application attack modeling alerts correlation cooperative attack |
|
|