| Popis: |
Manual approaches rely on the abilities and knowledge of individual human administrators to detect, analyze, and interpret attacks. Intrusion Detection Systems (IDS) are systems that can automatically detect and warn the appropriate persons when an attack occurs. Despite the fact that individual attacks can be useful, they are frequently insufficient for understanding the entire attacking process, as well as the attackers' talents and objectives. The attacking stage is usually merely a component of a larger infiltration process, during which attackers gather information and set up the proper conditions before launching an attack, after which they clear log records in order to conceal their footprints and disappear. In today's assault scenarios, the pre-definition of cause-and-effect links between events is required, which is a tough and time-consuming task that takes considerable effort. Our technique for creating attack scenarios is based on the linking nature of web pages, and it does not require the pre-definition of cause and effect links, as demonstrated in previous work. Constructed situations are displayed in spatial and temporal coordinate systems to make viewing and analyzing them more convenient. In addition, we develop a prototype implementation of the concept, which we utilize to test a number of assault scenario scenarios. |
