1st International ICST Workshop on Enterprise Network Security

Research Article

Work in Progress - Tracking Correlated Attacks in Enterprise Intranets through Lattices

  • @INPROCEEDINGS{10.1109/SECCOMW.2006.359570,
        author={Sule  Simsek},
        title={Work in Progress - Tracking Correlated Attacks in Enterprise Intranets through Lattices},
        proceedings={1st International ICST Workshop on Enterprise Network Security},
        publisher={IEEE},
        proceedings_a={WENS},
        year={2007},
        month={5},
        keywords={Attack Graph Correlation Distributed Denial of Service Attack Intrusion Detection Visualization.},
        doi={10.1109/SECCOMW.2006.359570}
    }
    
  • Sule Simsek
    Year: 2007
    Work in Progress - Tracking Correlated Attacks in Enterprise Intranets through Lattices
    WENS
    IEEE
    DOI: 10.1109/SECCOMW.2006.359570
Sule Simsek 1,2,*
  • 1: Student Member, IEEE.
  • 2: Department at the University of Missouri-Rolla, Rolla, MO 65409 USA
*Contact email: simsek@umr.edu

Abstract

Tracking attacks caused by correlation between malicious hosts is a rapidly growing research area. In this work-in-progress paper, we propose a lattice-based visualization method to capture the correlation between malicious hosts in an enterprise internal network. We present the design of L-BIDS (lattice-based intrusion detection system), in which the nodes represent the causal and correlated properties of the network messages. In order to track the propagation of a distributed denial of service (DDoS) attack, L-BIDS nodes are highlighted with different colors based on their role within the attack. The colored structure of nodes in an L-BIDS lattice allows us to obtain a concise intrusion signature and therefore simplifies the tracking of the propagation of the DDoS attack. In our preliminary L-BIDS model, the analysis of the network data is off-line