Uma abordagem para detecção de ataques distribuídos e múltiplas etapas baseada na composição de serviços web voltados para à segurança

Abstract

With the wide use of the Internet and the proliferation of technologies to reproduce attacks, institutions have become target of a variety of intrusion activities, ranging from

simple port scans to complex attacks, such as distributed denial of services and worms. Aiming to develop solutions to minimize the intruder’s chances to succeed in his/her

activities, several research projects have been carried out in the recent years, especially in the area of intrusion detection. Most of the solutions proposed present limitations since they: (a) do not provide an appropriate notation to represent and describe multistage attacks (that allows one to model the flow in which activities are expected be observed); and (b) correlate alerts produced by a reduced group of sensors, while the ideal is to observe evidences generated by the maximum number of available services. To fulfill this gap, this work proposes a language and an architecture to detect distributed multistage attacks. The proposed language, named Multistag