Title | ||
---|---|---|
Understanding multistage attacks by attack-track based visualization of heterogeneous event streams |
Abstract | ||
---|---|---|
In this paper, we present a method of handling the visualization of hetereogeneous event traffic that is generated by intrusion detection sensors, log files and other event sources on a computer network from the point of view of detecting multistage attack paths that are of importance. We perform aggregation and correlation of these events based on their semantic content to generate Attack Tracks that are displayed to the analyst in real-time. Our tool, called the Event Correlation for Cyber-Attack Recognition System (EC-CARS) enables the analyst to distinguish and separate an evolving multistage attack from the thousands of events generated on a network. We focus here on presenting the environment and framework for multistage attack detection using ECCARS along with screenshots that demonstrate its capabilities. |
Year | DOI | Venue |
---|---|---|
2006 | 10.1145/1179576.1179578 | VizSEC |
Keywords | Field | DocType |
event correlation,attack tracks,multistage attack,multistage attack detection,heterogeneous event stream,intrusion detection sensor,hetereogeneous event traffic,multistage attack path,cyber-attack recognition system,event source,computer network,intrusion detection,visualization,real time | Data mining,Recognition system,Visualization,Computer security,Computer science,Real-time computing,Event correlation,Intrusion detection system | Conference |
ISBN | Citations | PageRank |
1-59593-549-5 | 17 | 0.88 |
References | Authors | |
13 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
S. Mathew | 1 | 17 | 0.88 |
R. Giomundo | 2 | 17 | 0.88 |
S. Upadhyaya | 3 | 81 | 7.01 |
M. Sudit | 4 | 17 | 0.88 |
A. Stotz | 5 | 17 | 0.88 |