Many attacks and suspicious actions cause Intrusion Detection Systems (IDSs) on the Internet to raise a huge number of alerts. Revealing attacks from these alerts is a very active research topic. The alerts are high in quantity but low in quality, because they include many false alerts raised by the IDS and non-relevant alerts caused by different attacks or suspicious actions. We find that various attacks on the Internet usually adopt similar strategies. In this paper, we therefore construct a predefined attack scenario to illustrate the behaviors of attacks and to detect attacks that adopt known strategies on the network. To distinguish different attacks dispersed across cyberspace, we implement a prototype on a novel P2P architecture, which can significantly improve the efficiency of detecting attacks. Moreover, our prototype can monitor networks at unlimited scale online and performs efficiently and accurately.
Machine Learning and Cybernetics (ICMLC), 2011 International Conference on (Volume: 1)
Date of Conference: 10-13 July 2011