Volume 5 Number 1 (Jan. 2016)
IJCCE 2016 Vol.5(1): 1-10 ISSN: 2010-3743
DOI: 10.17706/IJCCE.2016.5.1.1-10

Alert Correlation System with Automatic Extraction of Attack Strategies by Using Dynamic Feature Weights

Chih-Hung Wang, Ye-Chen Chiou
Abstract—With the growing popularity of computer technology and the Internet, new system vulnerabilities and unknown risks continue to increase. Some methods based on a known system environment have been unable to deal with attacks generated by unknown vulnerabilities. Moreover, it is hard to find potential vulnerabilities in virtual machines generated by the server in a cloud environment. Therefore, it is very important for an alert correlation system to extract attack strategies automatically. In this paper, we propose an alert correlation system with automatic extraction of attack strategies. We estimate the correlation cell value between two alerts by using equality constraint sets (ECS) and record it in the alert correlation matrix (ACM). Our system does not need a predefined knowledge base or training data, nor does it need its modules to be re-established for different environments. We extract the attackers' attack scenarios by observing the connectivity and relationships among the received alerts.

Index Terms—Alert correlation, attack graph, intrusion detection, cloud computing, network security.

The authors are with the Department of Computer Science and Information Engineering, National Chiayi University, Chiayi, Taiwan.

Cite: Chih-Hung Wang, Ye-Chen Chiou, "Alert Correlation System with Automatic Extraction of Attack Strategies by Using Dynamic Feature Weights," International Journal of Computer and Communication Engineering, vol. 5, no. 1, pp. 1-10, 2016.
