Network threat detection based on correlation analysis of multi-platform multi-source alert data

Network threat detection based on correlation analysis of multi-platform multi-source alert data

It is difficult for security administrators to detect attacks well when they are faced with large amounts of multi-platform multi-source alert data. However, most attack events are not isolated and has a certain number of steps. With the help of alert correlation, attacks can be revealed well. In ou...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Multimedia tools and applications 2020-12, Vol.79 (45-46), p.33349-33363
Hauptverfasser: Lu, Xindai, Han, Jiajia, Ren, Qianbo, Dai, Hua, Li, Jiyuan, Ou, Jing
Format: Artikel
Sprache:eng
Schlagworte:
Algorithms
Behavior
Clustering
Computer Communication Networks
Computer Science
Computer simulation
Correlation analysis
Cybersecurity
Data mining
Data Structures and Information Theory
Electric power
Methods
Multimedia
Multimedia Information Systems
Network security
Security
Special Purpose and Application-Based Systems
Threats
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:It is difficult for security administrators to detect attacks well when they are faced with large amounts of multi-platform multi-source alert data. However, most attack events are not isolated and has a certain number of steps. With the help of alert correlation, attacks can be revealed well. In our paper, we propose a PMASP (Purpose-oriented Maximum Attack Sequence Patterns) algorithm for threat detection based on alert correlation. Firstly, we format alarm records and reduce redundant alarms. Then, with the help of attack classification, we generate initial attack sequences through clustering. Later, PMASP is employed to dig out frequent sequences set. Finally, we use xml language to construct rules for detection. These rules represent some attack patterns which are helpful for security administrators. We simulate several attacks and use some rules to detect. The detection rate shows that the rule is reasonable and effectively.
ISSN:1380-7501
1573-7721
DOI:10.1007/s11042-018-6689-7