Original Text Information
Abstract
English
In network security, post-IDS alert analysis has become popular with a view to collaboration and correlation, and context-aware alert verification is one of the main solutions. To guarantee a unified representation of related information and knowledge, this paper seeks to introduce basic-elements and the extension method into the study of context-aware alert verification. It then proposes using basic-elements to formally represent alert information and context information in a unified manner, and applies the extension method based on basic-elements to context-aware alert verification by utilizing the extension set and the extension analysis. The evaluation results of the validation scenarios show that the proposed approach offers a promising formalized way to perform context-aware alert verification for network security with an appropriate use of the extension method based on basic-elements.
Table of Contents
1. Introduction
2. Formal Representations of Alert Information and Context Information based on Basic-elements
2.1. Formalization of Security Information based on Basic-elements
2.2. Formalization of Alert Information for Network Security using Affair-elements
2.3. Formalization of Context Information for Network Security using Matter-elements
3. Application of the Extension Set for Context-aware Alert Verification
3.1. The Extension Set Point of View for Context-aware Alert Verification
3.2. State Transition for Network Security using the Extension Set
4. Application of the Extension Analysis based on Divergence-tree for Context-aware Alert Verification
4.1. Divergence-tree for Extension Analysis
4.2. Validation Scenarios
5. Conclusions
Acknowledgements
References
