Generation of Attack Scenarios for Evaluating IDS

In this paper we focus on improving the quality of intrusion detection systems (IDS). The improvement rests on three research areas: the classification of attacks, the generation of attack scenarios and, finally, evaluation methods. This article addresses the second area: the search for meaningful attack scenarios that can be used to reduce the false positive alerts reported by an IDS. We present two algorithms for generating such scenarios. The first converts the problem into a constraint satisfaction problem (CSP); the second is based on a shortest-path search algorithm. We also compare the results obtained with the two algorithms.
