Title :
Learning attack strategies through mining and correlation of security alarms
Author :
Li, Wang ; Zhi-Tang, Li ; Jie, Lei
Author_Institution :
Comput. Sci. Dept., Huazhong Univ. of Sci. & Technol., Wuhan
Date :
May 21 2007-May 25 2007
Abstract :
The huge volume of security data produced by different security devices can overwhelm security managers and keep them from performing effective analysis and initiating a timely response. It is therefore important to develop an advanced alert correlation system that can reduce alert redundancy, intelligently correlate security alerts and detect attack strategies. In this paper, we propose a new method of mining multi-stage attack behavior patterns in order to recognize an attacker's high-level strategies and predict upcoming attack intentions. We apply a reformative Apriori algorithm to mine frequent attack sequence patterns from historical alert data. We use the correlativity between two contextual elements in an attack sequence to correlate attack behaviors and identify potential attack intentions. The idea is easy to implement and, unlike other techniques, it can be used to detect novel multi-stage attack strategies. Experiments show that our approach can effectively learn high-level attack strategies and accordingly predict the next possible attack behavior.
Keywords :
data mining; learning (artificial intelligence); security of data; advanced alert correlation system; attack strategy learning; data mining; frequent attack sequence pattern mining; reformative a priori algorithm; security alarm; Computer science; Computer security; Correlation; Data security; History; Information security; Intelligent sensors; Pattern recognition; Performance analysis; Technology management; alert; attack sequence pattern; correlativity
Conference_Titel :
10th IFIP/IEEE International Symposium on Integrated Network Management (IM '07), 2007
Conference_Location :
Munich
Print_ISBN :
1-4244-0798-2
Electronic_ISBN :
1-4244-0799-0
DOI :
10.1109/INM.2007.374834