
Attack Graph Generation and Threat Evaluation in Network Situation Awareness (NSA)

International Journal of Innovative Science and Modern Engineering (IJISME), 1 (3): 79-82 (February 2013)

Abstract

A network is a collection of many devices, in which the nodes are joined by wired or wireless connections. Nowadays most threats to the network come either from outside or from situations that arise internally for many reasons. The intrusions or threats that arise from these situations are generally more damaging than normal ones. This paper introduces a technique to analyze various types of alerts and to generate an attack graph for such alerts by using two algorithms, i.e. correlation of isolated alerts into alert-pairs and attack graph generation. After analyzing the threat, we also perform an evaluation technique to determine the seriousness of the threat and remove it. In this paper our main focus is on alert analysis. Current intrusion detection systems produce large volumes of alerts. These overwhelming alerts make it challenging to recognize and manage them. Therefore, we have to condense the amount of alerts and extract useful information from them. However, NSA requires alert analysis techniques to provide high-level information, such as how serious the attacks are, how dangerous the devices are, and which attacks or devices require the administrator's attention. To deal with this problem we put forward a time- and space-based alert analysis technique which can correlate related alerts without background knowledge and offer an attack graph to help the administrator understand the attack steps visibly and efficiently. A threat evaluation is also given to find the most hazardous attack, which further saves the administrator's time and energy in handling a large number of alerts.

Users of this resource

  • @ijisme_beiesp

Comments and reviews

  • @ijisme_beiesp
    3 years ago (last updated 3 years ago)
    good