Deanship of Graduate Studies
Document Details
Document Type: Thesis
Document Title: Improving Real Time Intrusion Detection Alerts Analysis for Recognizing Multi-Stage Attacks
Arabic Title (translated): Improving the Analysis of Intrusion Detection Alerts in Real Time for Recognizing Multi-Stage Cyber Attacks
Subject: Faculty of Computing and Information Technology - Computing Sciences
Document Language: Arabic
Abstract:
With the rise of cyber-attacks, the amount of audited security data, such as the alerts produced by Intrusion Detection Systems (IDSs), has increased dramatically. IDSs have become one of the most common countermeasures for monitoring the security of computer systems and networks. IDSs generate a massive number of low-level alerts in which the information about the multi-stage attack scenario is missing. The analysis and management of these massive volumes of alerts have become a critical and challenging issue. Alert correlation is a very useful approach for reducing the volume of alerts and discovering multi-stage attack scenarios. In this thesis, a Real-time Multi-stage Attack Recognition System (RMARS) is proposed to recognize multi-stage attack scenarios, together with their associated severity level, in real time. It consists of two parts: an offline part, which builds attack patterns using the sequential pattern mining algorithm GSP, and an online part, which receives alerts and predicts upcoming attacks using the patterns built in the offline part. RMARS improves detection and prediction by identifying the severity level of discovered multi-stage attack scenarios in real time. In addition, it uses a new method, "Candidate Verification", in the offline part that calculates alert correlativity while generating candidate attack sequences, to ensure that all alerts in a selected candidate belong to the same attack scenario. The proposed system has been implemented and evaluated against the specified requirements through a series of experiments using the DARPA 2000 data sets. The results show that using the "Candidate Verification" method increases the efficiency of generating attack scenario patterns in the offline part and of detecting multi-stage attacks in real time.
Moreover, predicting the next step of an attack along with its severity level increases the efficiency of the alert analysis system and gives the network administrator valuable information to make a decision and prevent a serious multi-stage attack from being completed, hence protecting the system from damage.
Supervisor: Dr. Omaima Bamasak
Thesis Type: Master Thesis
Publishing Year: 1434 AH / 2013 AD
Added Date: Tuesday, November 19, 2013
Researchers
Researcher Name (Arabic): فاطمة أحمد باحارث
Researcher Name (English): Bahareth, Fatmah Ahmed
Researcher Type: Researcher
Dr Grade: Master
Email: (none listed)
Files
File Name: 36330.pdf
Type: pdf
Description: (none listed)