Document Details

Document Type : Thesis 
Document Title :
Improving Real Time Intrusion Detection Alerts Analysis for Recognizing Multi-Stage Attacks
Arabic title (translated): Improving Real-Time Analysis of Intrusion Detection Alerts for Recognizing Multi-Stage Cyber Attacks
 
Subject : Faculty of Computing and Information Technology - Computing Sciences
Document Language : Arabic 
Abstract : With the rise of cyber-attacks, the volume of audited security data, such as the alerts produced by Intrusion Detection Systems (IDSs), has increased dramatically. IDSs have become one of the most common countermeasures for monitoring the security of computer systems and networks. They generate massive numbers of low-level alerts in which the information about a multi-stage attack scenario is missing, and analysing and managing these alerts has become a critical and challenging problem. Alert correlation is a useful approach for reducing alert volume and discovering multi-stage attack scenarios. This thesis proposes a Real-time Multi-stage Attack Recognition System (RMARS) that recognizes multi-stage attack scenarios, together with their severity level, in real time. It consists of two parts: an offline part that builds attack patterns with the sequential pattern mining algorithm GSP, and an online part that receives alerts and predicts upcoming attack steps using the patterns built offline. RMARS improves detection and prediction by identifying the severity level of discovered multi-stage attack scenarios in real time. In addition, the offline part uses a new method, "Candidate Verification", which calculates alert correlativity while generating candidate attack sequences to ensure that all alerts in a selected candidate belong to the same attack scenario. The proposed system has been implemented and evaluated against the specified requirements through a series of experiments on the DARPA 2000 data sets. The results show that the "Candidate Verification" method increases the efficiency of generating attack scenario patterns offline and of detecting multi-stage attacks in real time. Moreover, predicting the next attack step together with its severity level increases the efficiency of the alert analysis system and gives the network administrator valuable information for deciding how to stop a serious multi-stage attack before it completes, and hence protects the system from damage.
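The two-part design sketched in the abstract (offline sequential pattern mining over alert sequences with a verification step, then online matching of incoming alerts against the mined patterns to predict the next step and its severity) can be illustrated with a small, self-contained example. The code below is an added illustration, not the thesis's implementation: the alert sessions, signature names, hosts and severity scale are constructed here, the "correlativity" test (two alerts share a host) and the way it is applied during support counting are simplifying assumptions standing in for the thesis's Candidate Verification method, and the miner is a minimal level-wise GSP rather than the full algorithm.

```python
"""Added illustration of an RMARS-style pipeline: offline GSP-style mining with a
candidate-verification check, then online prefix matching to predict the next
stage of a multi-stage attack. Constructed data; not the thesis's code or DARPA 2000."""
from collections import Counter, defaultdict

# Each alert is (signature, source_host, destination_host). The five sessions are
# constructed for illustration only; they are not DARPA 2000 alerts.
SESSIONS = [
    [("ICMP_SWEEP", "10.0.0.5", "172.16.1.10"), ("SADMIND_PROBE", "10.0.0.5", "172.16.1.10"),
     ("SADMIND_OVERFLOW", "10.0.0.5", "172.16.1.10"), ("RSH_LOGIN", "10.0.0.5", "172.16.1.10"),
     ("MSTREAM_DOS", "172.16.1.10", "198.51.100.9")],
    [("ICMP_SWEEP", "10.0.0.5", "172.16.1.11"), ("SADMIND_PROBE", "10.0.0.5", "172.16.1.11"),
     ("SADMIND_OVERFLOW", "10.0.0.5", "172.16.1.11"), ("RSH_LOGIN", "10.0.0.5", "172.16.1.11")],
    # The overflow here comes from an unrelated host against an unrelated target:
    # a miner without verification still counts this session toward the 4-step pattern.
    [("ICMP_SWEEP", "10.0.0.5", "172.16.1.12"), ("SADMIND_PROBE", "10.0.0.5", "172.16.1.12"),
     ("SADMIND_OVERFLOW", "10.0.0.7", "172.16.1.20"), ("RSH_LOGIN", "10.0.0.5", "172.16.1.12")],
    [("SADMIND_PROBE", "10.0.0.6", "172.16.1.13"), ("SADMIND_OVERFLOW", "10.0.0.6", "172.16.1.13"),
     ("RSH_LOGIN", "10.0.0.6", "172.16.1.13")],
    [("ICMP_SWEEP", "10.0.0.8", "172.16.1.14"), ("HTTP_PROBE", "10.0.0.9", "172.16.1.30")],
]

# Assumed per-signature severity (1 = reconnaissance, 5 = impact); the thesis's scale is not given here.
SEVERITY = {"ICMP_SWEEP": 1, "HTTP_PROBE": 1, "SADMIND_PROBE": 2,
            "SADMIND_OVERFLOW": 4, "RSH_LOGIN": 4, "MSTREAM_DOS": 5}


def correlated(a, b):
    """Assumed correlativity test: two alerts belong to the same scenario if they share a host."""
    return bool(set(a[1:]) & set(b[1:]))


def contains(session, pattern, verify):
    """True if `pattern` (tuple of signatures) occurs as an ordered subsequence of `session`.
    With verify=True (candidate verification) every consecutive pair of matched alerts must
    also be correlated, so alerts from unrelated activity cannot be chained into a scenario."""
    def rec(start, idx, prev):
        if idx == len(pattern):
            return True
        for k in range(start, len(session)):
            alert = session[k]
            if alert[0] == pattern[idx] and (not verify or prev is None or correlated(prev, alert)):
                if rec(k + 1, idx + 1, alert):
                    return True
        return False
    return rec(0, 0, None)


def gsp(sessions, min_support, verify=True):
    """Level-wise GSP-style mining: count candidates, keep those with enough support, then
    join frequent k-sequences (suffix of one == prefix of another) into (k+1)-candidates."""
    frequent = {}
    level = [(sig,) for sig in sorted({a[0] for s in sessions for a in s})]
    while level:
        kept = {}
        for cand in level:
            support = sum(contains(s, cand, verify) for s in sessions)
            if support >= min_support:
                kept[cand] = support
        frequent.update(kept)
        level = sorted({p + q[-1:] for p in kept for q in kept if p[1:] == q[:-1]})
    return frequent


def build_predictor(patterns):
    """Online index: for every proper prefix of a mined pattern, which alert follows and how often."""
    nxt = defaultdict(Counter)
    for pat, support in patterns.items():
        for i in range(1, len(pat)):
            nxt[pat[:i]][pat[i]] += support
    return nxt


def predict_next(predictor, observed):
    """Match the longest suffix of the alerts seen so far against the index and return
    (predicted next signature, its assumed severity, pattern support), or None."""
    for start in range(len(observed)):
        key = tuple(observed[start:])
        if key in predictor:
            sig, support = predictor[key].most_common(1)[0]
            return sig, SEVERITY.get(sig, 0), support
    return None


if __name__ == "__main__":
    full = ("ICMP_SWEEP", "SADMIND_PROBE", "SADMIND_OVERFLOW", "RSH_LOGIN")
    print("4-step pattern mined without verification:", full in gsp(SESSIONS, 3, verify=False))
    verified = gsp(SESSIONS, 3, verify=True)
    print("4-step pattern mined with verification:   ", full in verified)
    print("after SWEEP, PROBE predict:", predict_next(build_predictor(verified), ["ICMP_SWEEP", "SADMIND_PROBE"]))
```

The point of the third constructed session is the one the abstract makes about Candidate Verification: without the correlativity check the unrelated overflow is counted as a stage of the same scenario and the full four-step pattern reaches the support threshold; with the check it does not, so only sequences whose alerts are tied to one another survive into the pattern base that the online predictor consults.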
Supervisor : Dr. Omaima Bamasak 
Thesis Type : Master Thesis 
Publishing Year : 1434 AH (2013 AD)
 
Added Date : Tuesday, November 19, 2013 

Researchers

Researcher Name (Arabic) | Researcher Name (English) | Researcher Type | Dr Grade | Email
فاطمة أحمد باحارث | Bahareth, Fatmah Ahmed | Researcher | Master | 

Files

File Name | Type | Description
36330.pdf | pdf | 
