Event Details

Novel Intrusion Alert Analysis Framework Using Semantic Correlation

Presenter: Sherif Saad
Supervisor: Dr. Issa Traore

Date: Fri, October 3, 2014
Time: 15:00
Place: EOW 430

ABSTRACT

Summary:

The current generation of IDS generates low-level intrusion alerts that describe individual attack events. In addition, existing IDSs tend to generate massive numbers of alerts with a high rate of redundant alerts and false positives. Typical IDS sensors report attacks independently and are not designed to recognize attack plans or discover multistage attack scenarios. Moreover, not all the attacks executed against the target network will be detected by the IDS. False negatives, which correspond to the attacks missed by the IDS, will either make the reconstruction of the attack scenario impossible or lead to an incomplete attack scenario. For these reasons, intrusion analysis is a challenging task that relies mainly on the analyst's experience and requires manual investigation.

In this seminar we explain how we addressed the above-mentioned challenges by proposing a new framework that allows automatic intrusion analysis and attack intelligence extraction by analyzing the semantics of alerts and attacks using both machine learning and knowledge-representation approaches.
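The following is an added toy illustration of the problem the abstract describes, not the presenter's framework or any code from the seminar. It assumes a hand-written knowledge base (signature-to-stage mapping and stage prerequisites) and a constructed set of alerts; it collapses redundant alerts, maps the survivors to abstract attack stages, chains stages per host pair into a scenario, and, where a stage's prerequisite was never reported (a possible false negative), records it as inferred rather than discarding the scenario.

```python
"""Toy semantic alert correlation (illustrative only; not the seminar's framework)."""
from collections import defaultdict

# Constructed knowledge base (assumption): which abstract attack stage a
# signature denotes, the stage ordering, and each stage's prerequisite stage.
SIGNATURE_STAGE = {
    "ET SCAN Nmap": "recon",
    "SMB Buffer Overflow Attempt": "exploit",
    "Reverse Shell Connect": "c2",
    "Outbound Large Transfer": "exfil",
}
STAGE_ORDER = ["recon", "exploit", "c2", "exfil"]
PREREQ = {"exploit": "recon", "c2": "exploit", "exfil": "c2"}

# Constructed sample alerts (not real sensor output); t is seconds.
ALERTS = [
    {"t": 100, "sig": "ET SCAN Nmap", "src": "10.0.0.5", "dst": "10.0.1.20"},
    {"t": 101, "sig": "ET SCAN Nmap", "src": "10.0.0.5", "dst": "10.0.1.20"},  # redundant
    {"t": 102, "sig": "ET SCAN Nmap", "src": "10.0.0.5", "dst": "10.0.1.20"},  # redundant
    {"t": 400, "sig": "SMB Buffer Overflow Attempt", "src": "10.0.0.5", "dst": "10.0.1.20"},
    # Callback traffic: the victim is now the source, so correlation must ignore direction.
    {"t": 420, "sig": "Reverse Shell Connect", "src": "10.0.1.20", "dst": "10.0.0.5"},
    {"t": 900, "sig": "Outbound Large Transfer", "src": "10.0.1.20", "dst": "10.0.0.5"},
    # Second host pair: only the c2 stage was seen; recon and exploit were missed.
    {"t": 500, "sig": "Reverse Shell Connect", "src": "10.0.2.9", "dst": "10.0.0.7"},
]


def deduplicate(alerts, window=60):
    """Collapse alerts with identical (sig, src, dst) seen within `window`
    seconds of the group's first alert into one record carrying a count."""
    out, groups = [], {}
    for a in sorted(alerts, key=lambda a: a["t"]):
        key = (a["sig"], a["src"], a["dst"])
        if key in groups and a["t"] - groups[key]["t"] <= window:
            groups[key]["count"] += 1
            continue
        rec = dict(a, count=1)
        groups[key] = rec
        out.append(rec)
    return out


def correlate(alerts):
    """Map deduplicated alerts to stages, group them by unordered host pair,
    and build one ordered scenario per pair, inferring unreported prerequisite
    stages so that a missed detection yields an incomplete (not empty) scenario."""
    by_pair = defaultdict(list)
    for a in deduplicate(alerts):
        stage = SIGNATURE_STAGE.get(a["sig"])
        if stage is None:
            continue  # unknown signature: no semantics available, skip it
        by_pair[frozenset((a["src"], a["dst"]))].append(stage)

    scenarios = {}
    for pair, stages_seen in by_pair.items():
        observed = set(stages_seen)
        inferred = set()
        for s in observed:  # walk prerequisite chain for anything not observed
            p = PREREQ.get(s)
            while p and p not in observed:
                inferred.add(p)
                p = PREREQ.get(p)
        present = observed | inferred
        scenarios[tuple(sorted(pair))] = {
            "stages": [s for s in STAGE_ORDER if s in present],
            "observed": [s for s in STAGE_ORDER if s in observed],
            "inferred": [s for s in STAGE_ORDER if s in inferred],
            "unique_alerts": len(stages_seen),
        }
    return scenarios


if __name__ == "__main__":
    for pair, sc in correlate(ALERTS).items():
        print(pair, "->", " > ".join(sc["stages"]), "| inferred:", sc["inferred"])
```

The inferred stages are hypotheses, not evidence: in practice they point the analyst at which sensor or time window to examine for a missed detection.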