IJCCE 2016 Vol.5(1): 1-10 ISSN: 2010-3743
DOI: 10.17706/IJCCE.2016.5.1.1-10
Alert Correlation System with Automatic Extraction of Attack Strategies by Using Dynamic Feature Weights
Chih-Hung Wang, Ye-Chen Chiou
Abstract—With the growing popularity of computer technology and the Internet, new system vulnerabilities and unknown risks continue to increase. Some methods based on a known system environment have been unable to deal with attacks that arise from unknown vulnerabilities. Moreover, it is hard to find potential vulnerabilities in virtual machines generated by the server in a cloud environment. It is therefore very important for an alert correlation system to extract attack strategies automatically.
In this paper, we propose an alert correlation system with automatic extraction of attack strategies. We estimate the correlation cell value between two alerts by using equality constraint sets (ECS) and record it in the alert correlation matrix (ACM). Our system does not need a predefined knowledge base or training data, nor does it need to re-establish its modules for different environments. We extract attackers' attack scenarios by observing the connectivity and relationships among the received alerts.
Index Terms—Alert correlation, attack graph, intrusion detection, cloud computing, network security.
The authors are with the Department of Computer Science and Information Engineering, National Chiayi University, Chiayi, Taiwan.
Cite: Chih-Hung Wang, Ye-Chen Chiou, "Alert Correlation System with Automatic Extraction of Attack Strategies by Using Dynamic Feature Weights," International Journal of Computer and Communication Engineering, vol. 5, no. 1, pp. 1-10, 2016.