Analyzing and Correlating Security Events Using State Machine

5 Author(s)
Feng Xuewei (Nat. Key Lab. of Sci. & Technol. on Inf. Syst. Security, Beijing Inst. of Syst. Eng., Beijing, China); Wang Dongxia; Zeng Jiemei; Ma Guoqing

It is infeasible for a security manager to analyze security events manually, because the number of events is huge and individual events carry little meaning on their own. After analyzing the existing algorithms for security event correlation, we propose an attack scenario reconstruction technology based on state machines. With this technology, the process by which attackers intrude into the cyberspace can be restored, and more comprehensive attack scenario description information is generated, which makes the security manager's work easier. The state-machine-based attack scenario reconstruction technology processes security events using clustering analysis and causal analysis concurrently. It builds a correlation state machine in memory for every attack scenario tree predefined by the security manager; as security events arrive, the relevant state machines process them, and when a scenario's conditions are satisfied, attack scenario description information is generated and sent to the security manager. The state-machine-based correlation technology is more timely and accurate. Finally, we use the DARPA2000 Intrusion Scenario Specific Data Sets to validate the technology; the experimental results show that it is feasible to analyze security events using the technology we propose.
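To make the abstract's mechanism concrete, the following added Python sketch (not the paper's code) implements the idea of one correlation state machine per event cluster: events are clustered by attacker/victim pair, each cluster's machine advances through a predefined scenario chain, and a time-window check stands in for causal analysis. The scenario stages, window length and sample alerts are constructed for this illustration.

```python
from dataclasses import dataclass, field

# Constructed example, not the paper's code: one predefined attack scenario,
# an ordered chain of alert types (a linear scenario tree), and a time window.
SCENARIO = ["RECON", "EXPLOIT_ATTEMPT", "NEW_PRIV_ACCOUNT"]
WINDOW = 600  # seconds; each stage must follow the previous one within this window

@dataclass
class CorrelationStateMachine:
    """One machine per event cluster; state = index of the next stage to satisfy."""
    stages: list
    window: int
    state: int = 0
    matched: list = field(default_factory=list)

    def feed(self, event):
        # Causal analysis: a stage counts only if it follows the previous one within the window.
        if self.matched and event["ts"] - self.matched[-1]["ts"] > self.window:
            self.state, self.matched = 0, []  # chain broken; drop the partial match
        if event["type"] == self.stages[self.state]:
            self.matched.append(event)
            self.state += 1
        return self.state == len(self.stages)  # True when the scenario is complete

def cluster_key(event):
    # Clustering analysis: group raw events by (source, destination) pair.
    return (event["src"], event["dst"])

def correlate(events, scenario=SCENARIO, window=WINDOW):
    machines, reports = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = cluster_key(ev)
        sm = machines.setdefault(key, CorrelationStateMachine(list(scenario), window))
        if sm.feed(ev):  # scenario complete: emit the description and start fresh
            reports.append({"attacker": ev["src"], "victim": ev["dst"],
                            "steps": [m["type"] for m in sm.matched],
                            "start": sm.matched[0]["ts"], "end": sm.matched[-1]["ts"]})
            del machines[key]
    return reports

# Constructed sample alerts (ts in seconds): only 10.0.0.5 -> 10.0.0.20 completes the chain.
SAMPLE_EVENTS = [
    {"ts": 100, "src": "10.0.0.5", "dst": "10.0.0.20", "type": "RECON"},
    {"ts": 130, "src": "10.0.0.9", "dst": "10.0.0.21", "type": "RECON"},
    {"ts": 160, "src": "10.0.0.5", "dst": "10.0.0.20", "type": "NEW_PRIV_ACCOUNT"},  # out of order
    {"ts": 200, "src": "10.0.0.5", "dst": "10.0.0.20", "type": "EXPLOIT_ATTEMPT"},
    {"ts": 900, "src": "10.0.0.9", "dst": "10.0.0.21", "type": "EXPLOIT_ATTEMPT"},  # outside window
    {"ts": 260, "src": "10.0.0.5", "dst": "10.0.0.20", "type": "NEW_PRIV_ACCOUNT"},
]
```

Running `correlate(SAMPLE_EVENTS)` yields a single report for the 10.0.0.5 to 10.0.0.20 pair; the out-of-order event does not advance its machine, and 10.0.0.9's second stage arrives too late and resets its chain.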

Published in:

Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on

Date of Conference:

June 29 2010-July 1 2010