Abstract

Multi-step attacks are one of the primary forms of current intrusions, and detecting them is an important aspect of IDS research. Correlation research in intrusion detection focuses mainly on the following aspects: (1) reducing false positives and false negatives; (2) detecting unknown attacks; and (3) attack forecasting. Progress on the third point in particular may move intrusion detection from passive detection toward active protection. Based on a study of the patterns of multi-step attacks, a detection and forecasting algorithm for multi-step attacks is designed around intrusion intention. In this algorithm, an extended directed graph represents attack types and their relations, and correlation is performed by backward matching and absent matching. The probability of the next attack is computed from a weighted summation of the correlated attack chain and the branch weights in the attack logic graph. The algorithm provides detection of multi-step attacks, attack forecasting, detection of unknown attacks, and reduction of false alarms. This paper also presents the experimental process and an analysis of the results to validate the algorithm.
