Title :
A Data Mining Approach to Generating Network Attack Graph for Intrusion Prediction
Author :
Li, Zhi-Tang ; Lei, Jie ; Wang, Li ; Li, Dong
Author_Institution :
Huazhong Univ. of Sci. & Technol., Wuhan
Abstract :
A network attack graph provides a global view of all possible sequences of exploits which an intruder may use to penetrate a system. Attack graphs can be generated by model checking techniques or intrusion alert correlation. In this paper we propose a data mining approach to generating attack graphs. Through association rule mining, the algorithm generates multi-step attack patterns from historical intrusion alerts which comprise the attack graphs. The algorithm also calculates the predictability of each attack scenario in the attack graph which represents the probability for the corresponding attack scenario to be the precursor of future attacks. Then the real-time intrusion alerts can be correlated to attack scenarios and ranked by the predictability scores. The ranking result can help identify the appropriate evidence for intrusion prediction from a large volume of raw intrusion alerts. The approach is validated by DARPA 2000 and DARPA 1999 intrusion detection evaluation datasets.
Keywords :
data mining; probability; security of data; association rule mining; historical intrusion alerts; intrusion prediction; multistep attack patterns; network attack graph; Accuracy; Association rules; Computer science; Data security; Databases; Forensics; Fuzzy systems; Intrusion detection
Conference_Title :
Fuzzy Systems and Knowledge Discovery, 2007. FSKD 2007. Fourth International Conference on
Conference_Location :
Haikou
Print_ISBN :
978-0-7695-2874-8
DOI :
10.1109/FSKD.2007.15