Automatic Multi-Step Attack Pattern Discovering

Executive Summary

Current techniques for recognizing multi-step attacks through security alert correlation are difficult to apply because of the complexity of the methods and the heavy computing workload generated during alert analysis and processing. In this paper, the authors propose a new alert correlation method that aims to provide concentrated security event information and thereby find multi-step attack patterns. They use a kind of extension time window when aggregating alerts into high-level alerts.

  • Format: PDF
  • Size: 1136.64 KB