MAD: Multistep Attack Detection

Fri, 12/17/2010 - 13:23 — mirco.marchetti

MAD: Multistep Attack Detection

Multistep attacks, that involve multiple correlated intrusion activities to reach the intended target, are common in the current cybersecurity landscape. On the other hand, modern Network Intrusion Detection Systems (NIDS) are still designed to generate alerts related to single attacks, with no or minimal correlations between dierent security alerts. Hence the burden of correlating security alerts and reconstructing complete attack scenarios is entirely placed on system administrators.

This project aims to solve this issue by applying novel correlation techniques to security alerts generated by Intrusion Detection Systems.

Related Publications

Fabio Manganiello, Mirco Marchetti, Michele Colajanni "Multistep attack detection and alert correlation in intrusion detection systems", Techcnical report, submitted for publication.
Master Thesis by Fabio Manganiello: "Machine learning algorithms for clustering and correlating security alerts in Intrusion Detection Systems", University of Modena and Reggio Emilia, December 2010

Attachment	Size
Master Thesis by Fabio Manganiello "Machine learning algorithms for clustering and correlating security alerts in intrusion detection systems"	1.32 MB
correlation_graph.png	442.87 KB
attack_scenarios.xml	51.72 KB
snort_aipreproc.tar.bz2	963.55 KB

Information Systems Security

Interdepartment Center for Research on Security and Safety

Sections

Navigation