Attack scenario reconstruction using intrusion semantics
Authors:
Highlights:
• A two-step semantic attack scenario reconstruction technique is proposed.
• The technique is fast and incremental without the need for human intervention.
• The technique calculates the similarity between alerts using a proposed metric.
• Semantic similarity is used in inferring the causal relation between alerts.
• The evaluation results prove the advantages of the proposed approach.
Keywords: Alert correlation, Attack scenario, Ontology, Similarity, Semantic
Review history: Received 23 August 2017, Revised 14 April 2018, Accepted 24 April 2018, Available online 1 May 2018, Version of Record 11 May 2018.
Official paper URL: https://doi.org/10.1016/j.eswa.2018.04.030