Which packet did they catch? Associating NIDs alerts with their communication sessions

Ryosuke Ishibashi, Hiroki Goto, Chansu Han, Tao Ban, Takeshi Takahashi, Jun'ichi Takeuchi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Virtually every enterprise network has deployed network intrusion detection systems (NIDSes) for security threat detection, prevention, and response. To defend against cyberattacks of increasing diversity and intensity, there is a pressing need to implement an artificial intelligence (AI)-powered NIDS that can unify the strengths of existing solutions. In this paper, we explore the feasibility of leveraging existing security solutions to generate labeled datasets that can facilitate the development of such an advanced AI-powered NIDS. Assigning proper labels to communication sessions that are detected as suspicious by NIDSes is carried out in the following steps. First, from the captured packet file, we locate the communication sessions that trigger the detection rules of the deployed NIDSes. Second, for each located communication session, we investigate the causal factors in the session packets and assign a unified alert-type label to it, taking into account the information presented in the multiple NIDS alerts associated with it. Finally, we output the packet data of the investigated communication sessions together with their corresponding alert-type labels, which are taken as input by AI-powered analysis engines. We demonstrate case studies applying the proposed method to tasks such as creating labeled NIDS datasets, performance evaluation between different NIDSes, and automation of the security triage process.
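As an added illustration (not the paper's code), the three steps above run over constructed sessions and alert records: `associate` maps alerts to sessions by a direction-independent 5-tuple and time window (the `slack` tolerance and the port-reuse tie-break are assumptions), `unified_label` applies an assumed majority-vote policy over the alerts of several NIDSes, and `label_sessions` emits the session-to-label mapping a downstream engine would consume.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
@dataclass
class Session:  # constructed stand-in for a session reconstructed from the pcap
    sid: str; src: str; sport: int; dst: str; dport: int; proto: str
    start: float; end: float
@dataclass
class Alert:  # constructed stand-in for one NIDS alert record
    nids: str; src: str; sport: int; dst: str; dport: int; proto: str
    ts: float; category: str  # hypothetical alert-type taxonomy
def flow_key(src, sport, dst, dport, proto):
    # Direction-independent 5-tuple, so an alert raised on a server->client
    # packet still maps to the session the client opened.
    return tuple(sorted([(src, sport), (dst, dport)])) + (proto,)

def associate(sessions, alerts, slack=1.0):
    # Step 1: map each alert to the session whose 5-tuple and time window contain it.
    index = defaultdict(list)
    for s in sessions:
        index[flow_key(s.src, s.sport, s.dst, s.dport, s.proto)].append(s)
    hits, unmatched = defaultdict(list), []
    for a in alerts:
        cands = [s for s in index[flow_key(a.src, a.sport, a.dst, a.dport, a.proto)]
                 if s.start - slack <= a.ts <= s.end + slack]
        if cands:  # ports get reused, so pick the session closest in time
            hits[min(cands, key=lambda s: abs(a.ts - s.start)).sid].append(a)
        else:
            unmatched.append(a)  # alert with no reconstructable session: flag for review
    return hits, unmatched

def unified_label(alerts):
    # Step 2: collapse alerts from several NIDSes into one label per session.
    # Assumed policy (not the paper's): most frequent category, ties broken by name.
    if not alerts:
        return "benign"
    counts = Counter(a.category for a in alerts)
    top = max(counts.values())
    return min(c for c, n in counts.items() if n == top)
def label_sessions(sessions, alerts):
    # Step 3: emit session id -> label pairs for the downstream analysis engine.
    hits, _ = associate(sessions, alerts)
    return {s.sid: unified_label(hits.get(s.sid, [])) for s in sessions}

SESSIONS = [Session("s1", "10.0.0.5", 51000, "10.0.0.9", 80, "tcp", 100.0, 105.0),
            Session("s2", "10.0.0.5", 51000, "10.0.0.9", 80, "tcp", 300.0, 302.0)]
ALERTS = [Alert("nidsA", "10.0.0.5", 51000, "10.0.0.9", 80, "tcp", 101.0, "exploit"),
          Alert("nidsB", "10.0.0.9", 80, "10.0.0.5", 51000, "tcp", 102.5, "exploit"),
          Alert("nidsA", "10.0.0.5", 51000, "10.0.0.9", 80, "tcp", 301.0, "scan"),
          Alert("nidsB", "10.0.0.1", 53, "10.0.0.2", 5353, "udp", 50.0, "scan")]
```

The reverse-direction alert from `nidsB` and the reused client port are the two cases that break a naive exact-tuple join, so both appear in the constructed data.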

Original language: English
Title of host publication: Proceedings - 2021 16th Asia Joint Conference on Information Security, AsiaJCIS 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 9-16
Number of pages: 8
ISBN (Electronic): 9781665417884
DOI
Publication status: Published - Aug 2021
Event: 16th Asia Joint Conference on Information Security, AsiaJCIS 2021 - Seoul, Republic of Korea
Duration: 19 Aug 2021 → 20 Aug 2021

Publication series

Name: Proceedings - 2021 16th Asia Joint Conference on Information Security, AsiaJCIS 2021

Conference

Conference: 16th Asia Joint Conference on Information Security, AsiaJCIS 2021
Country/Territory: Republic of Korea
City: Seoul
Period: 8/19/21 → 8/20/21

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
