Early Warning and Intrusion Detection based on Combined AI Methods

Authors

  • Stefan Edelkamp
  • Carsten Elfers
  • Mirko Horstmann
  • Thomas Wagner
Abstract

In this paper we survey the architecture and AI aspects in our project on early warning and intrusion detection based on combined AI methods. We address the problem of alarm assessment in intrusion detection and use plan reconstruction based on hierarchically organised procedural knowledge that contains descriptions of adversary actions. Reconstructed plans are supposed to correlate events and alarms from a SIEM and provide explanations for a security expert. We also aim at predicting the next steps of multi-stage intrusion attacks in computer networks. Therefore a probabilistic relational reasoning over time method based on hidden Markov


Similar sources

MHIDCA: Multi Level Hybrid Intrusion Detection and Continuous Authentication for MANET Security

Mobile ad-hoc networks have attracted a great deal of attention over the past few years. Considering their applications, the security issue has a great significance in them. Security scheme utilization that includes prevention and detection has the worth of consideration. In this paper, a method is presented that includes a multi-level security scheme to identify intrusion by sensors and authe...


Karsten Bsufka, Olaf Kroll-Peters, Sahin Albayrak: Intelligent Network-Based Early Warning Systems

In this paper we present an approach for an agent-based early warning system (A-EWS) for critical infrastructures. In our approach we combine existing security infrastructures, e.g. firewalls or intrusion detection systems, with new detection approaches to create a global view and to determine the current threat state.


WG Early Warning Systems

Early Warning Systems aim at detecting unclassified but potentially harmful system behavior based on preliminary indications and are complementary to Intrusion Detection Systems. Both kinds of systems try to detect, identify and react before possible damage occurs and contribute to an integrated and aggregated situation report (big picture). A particular emphasis of Early Warning Systems is to ...


Components for Cooperative Intrusion Detection in Dynamic Coalition Environments

We present a prototype of an Intrusion Warning System for combining event message flows of multiple domain-specific security tools in order to determine anomalies for early warning and response. Unlike other approaches for cooperating Intrusion Detection Systems (IDS), we suggest a modified star shape architecture for distributing attack information and feed back warning messages. We assume tha...


Survey of Event Correlation Techniques for Attack Detection in Early Warning Systems

In the context of early warning systems for detecting Internet worms and other attacks, event correlation techniques are needed for two reasons. First, network attack detection is usually based on distributed sensors, e.g. intrusion detection systems. During attacks but even in normal operation, the generated amount of events is hard to handle in order to evaluate the current attack situation f...



Publication date: 2009