Attack Graph Generation and Threat Evaluation in Network Situation Awareness (NSA)
Patil Shalaka1, Ahir Minakshi2, Kale Dattatraya3

1Patil Shalaka, B.E. Student, Vishwabharti Academy’s College of Engg., Department of Computer Engg Ahmednagar, (Maharashtra), India.
2Ahir Minakshi, B.E. Student of Vishwabharti Academy’s College of Engg., Department of Computer Engg. Ahmednagar, (Maharashtra), India.
3Kale Dattatraya , B.E. student of Vishwabharti Academy’s College of Engg., Department of Computer Engg. Ahmednagar, (Maharashtra), India.

Manuscript received on February 05, 2013. | Revised Manuscript received on February 12, 2013. | Manuscript published on February 15, 2013. | PP: 79-82 | Volume-1 Issue-3, February 2013 | Retrieval Number: C0146020213/2013©BEIESP
Open Access | Ethics and Policies | Cite
© The Authors. Published By: Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: A Network is a collection of many devices, where each node is said to be wired or wireless connection between them. And now a day’s most of the threat comes to the network either from outside or from a sort of situation which occurs internally due to many reasons. So the Intrusions or threat which occurs due to these situations are generally more damageable than the normal ones. This paper is introducing a technique to analyze various types of alerts & also generating attack graph for such alerts by using two algorithm i.e. correlation of isolated alerts to alert-pair, attack graph generation. And after analyzing the threat we are also performing evaluation technique to determine the seriousness of the threat and remove it. In this paper our vital focus is on alert analysis. In the current intrusion detection systems, it produces large volumes of alerts. These overwhelming alerts make it challenging to recognize and manage them. Therefore, we have to condense the amount of the alerts and external useful information from them. However, the NSA requires the alert analysis techniques to suggest high-level information such as how serious of attacks are and how dangerous of devices are and which attacks or devices require administrator to pay attention to. To deal with this problem we put forward a time and space based alert analysis technique which can correlate related alerts without background knowledge and offer attack graph to help the administrator understand the attack steps visibly and efficiently. And a threat evaluation is given to find the most hazardous attack, which further saves administrator’s time and energy in handing out large amount alerts.
Keywords: DARPA IDS Evaluation Dataset, Intrusion Detection, NIDS, Snort.