ATTACK DESCRIPTION LANGUAGE FOR COLLABORATED ALERTS USING XML AND UML

Statistics of Internet usage are increasing enormously, and attacks are escalating in step. In the recent era, IDS have gained popularity in connection with network security. An IDS deployed in the network scans the hosts and the network, attempting misuse detection or anomaly detection, and raises an alarm immediately whenever there is suspicious activity. It would be apt to capture a complete description of the new attack as soon as the alarm is raised. The information to be collected may be heterogeneous, because it may come from multiple users, processes or hosts. Hence there is a need for a common standard language that works across various domains and platforms; XML is one such language. Writing an XML schema directly would be difficult and inconvenient; the best way to write XML schemas is to use UML models. Hence in this paper we propose an alert collaboration modeling architecture and an attack description language using XML notation, which uses UML modeling.
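The abstract argues that alerts from heterogeneous sources (users, processes, hosts, and different sensors) need one common XML vocabulary before they can be collated. The following added example, which is not code from the paper and does not use the schema the paper defines, shows what that buys a defender: a small assumed XML alert vocabulary (element and attribute names are this example's own), a validator that reports schema violations instead of silently accepting incomplete alerts, and a collation step that builds a per-target view across a network sensor, a host agent and a process monitor. The sample documents are constructed for the example.

```python
# Added example: validate IDS alerts written in one assumed XML vocabulary
# and collate them per target host. Not the paper's schema or code.
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: four alerts from three heterogeneous sensors.
SAMPLE_ALERTS_XML = """<?xml version="1.0"?>
<alerts>
  <alert id="a1" source="nids-01" sourceType="network" severity="high">
    <target host="10.0.0.5"/>
    <classification>port-scan</classification>
    <timestamp>2024-01-01T10:00:00Z</timestamp>
  </alert>
  <alert id="a2" source="hids-05" sourceType="host" severity="medium">
    <target host="10.0.0.5"/>
    <classification>failed-login-burst</classification>
    <timestamp>2024-01-01T10:00:20Z</timestamp>
  </alert>
  <alert id="a3" source="procmon-02" sourceType="process" severity="low">
    <target host="10.0.0.9"/>
    <classification>unexpected-child-process</classification>
    <timestamp>2024-01-01T10:01:00Z</timestamp>
  </alert>
  <alert id="a4" source="procmon-02" sourceType="process" severity="low">
    <target host="10.0.0.5"/>
    <classification>unexpected-child-process</classification>
    <timestamp>2024-01-01T10:01:05Z</timestamp>
  </alert>
</alerts>
"""

# Constructed malformed sample: alert b2 lacks its <timestamp>.
BAD_ALERTS_XML = """<alerts>
  <alert id="b1" source="nids-01" sourceType="network" severity="low">
    <target host="10.0.0.7"/>
    <classification>port-scan</classification>
    <timestamp>2024-01-01T11:00:00Z</timestamp>
  </alert>
  <alert id="b2" source="hids-05" sourceType="host" severity="high">
    <target host="10.0.0.7"/>
    <classification>failed-login-burst</classification>
  </alert>
</alerts>
"""

REQUIRED_ATTRS = ("id", "source", "sourceType", "severity")
REQUIRED_CHILDREN = ("target", "classification", "timestamp")
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Alert:
    alert_id: str
    source: str
    source_type: str
    severity: str
    target_host: str
    classification: str
    timestamp: str


def find_problems(xml_text: str) -> List[str]:
    """One message per schema violation; an empty list means the document is valid.
    Alert documents arrive from other hosts, so parse them with defusedxml in
    production rather than the stock ElementTree parser used here."""
    root = ET.fromstring(xml_text)
    if root.tag != "alerts":
        return [f"root element is <{root.tag}>, expected <alerts>"]
    problems = []
    for n, el in enumerate(root.findall("alert"), start=1):
        label = el.get("id", f"#{n}")
        problems += [f"alert {label}: missing attribute {a}"
                     for a in REQUIRED_ATTRS if el.get(a) is None]
        problems += [f"alert {label}: missing <{c}>"
                     for c in REQUIRED_CHILDREN if el.find(c) is None]
        sev = el.get("severity")
        if sev is not None and sev not in SEVERITY_RANK:
            problems.append(f"alert {label}: unknown severity {sev!r}")
        target = el.find("target")
        if target is not None and not target.get("host"):
            problems.append(f"alert {label}: <target> lacks host attribute")
    return problems


def parse_alerts(xml_text: str) -> List[Alert]:
    """Parse a valid document into Alert records; reject an invalid one outright."""
    problems = find_problems(xml_text)
    if problems:
        raise ValueError("; ".join(problems))
    return [Alert(el.get("id"), el.get("source"), el.get("sourceType"),
                  el.get("severity"), el.find("target").get("host"),
                  el.findtext("classification").strip(),
                  el.findtext("timestamp").strip())
            for el in ET.fromstring(xml_text).findall("alert")]


def collate_by_target(alerts: List[Alert]) -> Dict[str, dict]:
    """Collaborated view: per target host, alert count, contributing sensors
    and sensor types, and the highest severity any sensor reported."""
    summary: Dict[str, dict] = {}
    for a in alerts:
        e = summary.setdefault(a.target_host, {"count": 0, "sources": set(),
                                               "source_types": set(),
                                               "max_severity": "low"})
        e["count"] += 1
        e["sources"].add(a.source)
        e["source_types"].add(a.source_type)
        if SEVERITY_RANK[a.severity] > SEVERITY_RANK[e["max_severity"]]:
            e["max_severity"] = a.severity
    for e in summary.values():
        e["sources"] = sorted(e["sources"])
        e["source_types"] = sorted(e["source_types"])
    return summary


if __name__ == "__main__":
    for host, info in collate_by_target(parse_alerts(SAMPLE_ALERTS_XML)).items():
        print(host, info)
```

Run as a script, the collated view shows 10.0.0.5 reported by all three sensor types with severity "high", which is the kind of cross-source picture no single sensor's native alert format provides; the malformed document is refused with a message naming the missing element, so a gap in the common vocabulary surfaces at ingestion rather than inside later correlation logic.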
