Title: Event-driven architecture based on patterns for detecting complex attacks

Authors: Jesus J. Martinez Molina, Miguel A. Hernandez Ruiz, Manuel Gil Perez, Gregorio Martinez Perez, Antonio F. Gomez Skarmeta

Addresses: Departamento de Ingenieria de la Informacion y las Comunicaciones, University of Murcia, Campus de Espinardo s/n, Murcia, 30071, Spain (all five authors)

Abstract: Complex multistep attacks are now the most common way of carrying out computer intrusions. Unfortunately, little effort has been devoted so far to coping with this kind of intrusion, especially when a given step of a complex attack may be mutated or otherwise changed. In this context, this paper describes the design and first prototype of an architecture built to cope with complex attacks. It rests on a three-tier approach and makes use of events and patterns, together with two probabilistic values, to manage possible variations of an attack. An illustrative example based on the directory traversal bug is also described in detail.
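The abstract describes detection built from events, patterns and a worked directory traversal case. The following is an added illustration written for this page, not the paper's three-tier architecture or prototype, and it does not model the paper's two probabilistic values: it turns constructed web server access log lines into events, normalises each request path so that encoded variants of a traversal step (single or double percent-encoding, backslashes) collapse to one form, and runs an ordered multistep pattern as a per-source state machine. All function names, the pattern steps and the sample log lines are assumptions of this example.

```python
"""Event-driven, pattern-based detection of a multistep directory traversal
attack over web server access logs.

Added illustration for this abstract page; it is NOT the three-tier
architecture or prototype from the paper and does not model the paper's
two probabilistic values. All names and the sample log lines are constructed.
"""
import posixpath
import re
import urllib.parse
from dataclasses import dataclass

# Apache "common log format" line (assumed input format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Files a traversal typically aims at (assumed list for the example).
SENSITIVE = ("/etc/passwd", "/etc/shadow", "/boot.ini", "/windows/win.ini")


@dataclass
class Event:
    src: str
    method: str
    raw_path: str
    path: str       # percent-decoded, slash-normalised, query stripped
    resolved: str   # path with '.'/'..' segments collapsed
    status: int


def normalise_path(raw: str) -> str:
    """Undo the mutations a traversal step commonly hides behind:
    single and double percent-encoding, backslashes, repeated slashes."""
    path = raw.split("?", 1)[0]
    for _ in range(3):                     # bounded: %25 nests only a few times
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    return re.sub(r"/+", "/", path)


def traversal_depth(path: str) -> int:
    """How many directory levels above the web root the path climbs."""
    depth = lowest = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            lowest = min(lowest, depth)
        elif seg and seg != ".":
            depth += 1
    return -lowest


def to_event(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalise_path(m["path"])
    return Event(m["src"], m["method"], m["path"], path,
                 posixpath.normpath(path), int(m["status"]))


def hits_sensitive(e: Event) -> bool:
    return e.resolved.lower().endswith(SENSITIVE)


# A pattern is an ordered list of (step name, predicate). Each step consumes
# one event from the same source; the whole sequence must appear in order.
TRAVERSAL_PATTERN = [
    ("probe", lambda e: e.status == 404 and traversal_depth(e.path) == 0),
    ("blocked_traversal", lambda e: traversal_depth(e.path) >= 1
                                    and e.status in (403, 404)),
    ("successful_traversal", lambda e: traversal_depth(e.path) >= 1
                                       and e.status == 200 and hits_sensitive(e)),
]


def correlate(lines, pattern):
    """Run the pattern as a per-source state machine; return completed matches."""
    progress = {}      # src -> [(step name, event)] matched so far
    alerts = []
    for line in lines:
        e = to_event(line)
        if e is None:
            continue
        matched = progress.setdefault(e.src, [])
        name, pred = pattern[len(matched)]
        if pred(e):
            matched.append((name, e))
            if len(matched) == len(pattern):
                alerts.append((e.src, matched))
                progress[e.src] = []
    return alerts


# Constructed sample: 10.0.0.5 scans, is blocked, then succeeds with an encoded
# variant; 10.0.0.9 uses a harmless relative path; 10.0.0.7 succeeds with
# double encoding but never showed the earlier steps.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2010:10:00:01 +0100] "GET /cgi-bin/ HTTP/1.1" 404 210
10.0.0.9 - - [12/Mar/2010:10:00:02 +0100] "GET /img/../css/site.css HTTP/1.1" 200 800
10.0.0.5 - - [12/Mar/2010:10:00:03 +0100] "GET /images/../../etc/passwd HTTP/1.1" 403 250
10.0.0.7 - - [12/Mar/2010:10:00:05 +0100] "GET /images/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 1870
10.0.0.5 - - [12/Mar/2010:10:00:07 +0100] "GET /images/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1870
"""

if __name__ == "__main__":
    for src, steps in correlate(SAMPLE_LOG.splitlines(), TRAVERSAL_PATTERN):
        print(src, [(n, ev.raw_path, ev.status) for n, ev in steps])
```

Only 10.0.0.5 raises an alert: its three requests match the pattern in order even though the final step is percent-encoded. The harmless `/img/../css/site.css` has traversal depth 0 and never matches. 10.0.0.7, which skips straight to a double-encoded success, produces nothing, which is exactly the kind of step variation a strict ordered pattern cannot absorb; the abstract says the paper addresses such variation with two probabilistic values, which this example deliberately leaves out.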

Keywords: intrusion detection systems; IDS; complex attacks; correlation techniques; graph attacks; performance measurements; event-driven architecture; multistep attacks; directory traversal bug; computer intrusions.

DOI: 10.1504/IJCCBS.2010.036602

International Journal of Critical Computer-Based Systems, 2010 Vol.1 No.4, pp.283 - 309

Published online: 04 Nov 2010
