ChinaCom2008-Network and Information Security Symposium

Research Article

Generating Network Attack Graphs for Security Alert Correlation

Cite (BibTeX)
    @INPROCEEDINGS{10.1109/CHINACOM.2008.4685009,
        author={Shaojun Zhang and Jianhua Li and Xiuzhen Chen and Lei Fan},
        title={Generating Network Attack Graphs for Security Alert Correlation},
        proceedings={ChinaCom2008-Network and Information Security Symposium},
        publisher={IEEE},
        proceedings_a={CHINACOM2008-NIS},
        year={2008},
        month={11},
        keywords={network security, attack graph, alert correlation},
        doi={10.1109/CHINACOM.2008.4685009}
    }
    
Authors: Shaojun Zhang (1, *), Jianhua Li (1, *), Xiuzhen Chen (1, *), Lei Fan (1, *)
  • 1: School of Information Security Engineering, Shanghai Jiaotong University, Shanghai, China
*Contact email: zshaojun@sjtu.edu.cn, lijh888@sjtu.edu.cn, chenxz@sjtu.edu.cn, fanlei@sjtu.edu.cn

Abstract

Most network administrators have had the unpleasant experience of being overwhelmed by a tremendous number of unstructured network security alerts produced by heterogeneous network devices. To date, various approaches have been proposed to correlate security alerts, including the adoption of network attack graphs to clarify their causal relationships. However, an operational method to generate attack graphs tailored for alert correlation is still lacking, especially in large-scale network environments. In this paper, we propose a kind of attack graph which can be built in polynomial time using an intuitive object-oriented method. Based on the graph, a criterion is given to correlate security alerts into scenarios. In practice, a prototype system is implemented to demonstrate the feasibility of the approaches.

Keywords
network security, attack graph, alert correlation
Published
2008-11-21
Publisher
IEEE
Modified
2010-05-16
http://dx.doi.org/10.1109/CHINACOM.2008.4685009
Copyright © 2008–2025 IEEE