Title :
Attack scenario construction with a new sequential mining technique
Author :
Li, Wang ; Zhi-Tang, Li ; Dong, Li ; Jie, Lei
Author_Institution :
Huazhong Univ. of Sci. & Technol., Wuhan
Date :
July 30 2007-Aug. 1 2007
Abstract :
The continuously increasing volume of security data makes it important to develop an advanced alert correlation system that can reduce alert redundancy, intelligently correlate security alerts and detect attack strategies. In this paper, we propose a new method of constructing attack scenarios in order to recognize an attacker's high-level strategies and predict upcoming attack intentions. We mine frequent attack sequence patterns from a database of historical high-level alerts. We then construct attack scenario models by matching online attack behavior against these patterns and calculating their correlativity. Our technique overcomes the drawback of manual association rule specification used in other relevant systems. It is easy to implement and, compared with other existing techniques, it can detect novel multistage attack strategies. Experiments show that our approach can effectively construct attack scenarios and accordingly predict the next most probable attack behavior.
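The abstract names the two stages of the method, mining frequent attack sequence patterns from an alert history and matching live alerts against them, but gives neither the mining algorithm nor the definition of correlativity. The following is an added example, not the authors' code, that shows the general shape of such a pipeline: a generic sequential pattern miner with a minimum session-support threshold, followed by prediction of the next step ranked by a confidence ratio, support(context + next) / support(context), which stands in for the paper's correlativity measure. The alert type names, the seven attack sessions and the scoring rule are all constructed for this example.

```python
"""Frequent attack-sequence mining and next-step prediction over high-level alerts.

Added example, not the paper's code. The mining step enumerates ordered
subsequences of each attack session and keeps those meeting a minimum session
support (a generic sequential pattern miner, not the authors' algorithm). The
prediction step ranks candidate next alerts by confidence,
support(context + next) / support(context), preferring the longest matching
context; this stands in for the paper's "correlativity", whose definition the
abstract does not give.
"""
from collections import Counter
from itertools import combinations

# Constructed sample history: high-level alerts already grouped into attack
# sessions (e.g. by attacker source address), one tuple per session in time
# order. Alert type names are invented for this example.
HISTORY = [
    ("PortScan", "PortScan", "VulnScan", "BufferOverflow", "PrivEsc", "DataExfil"),
    ("PortScan", "VulnScan", "BufferOverflow", "PrivEsc", "Backdoor"),
    ("PortScan", "VulnScan", "SQLInjection", "DataExfil"),
    ("PortScan", "VulnScan", "BufferOverflow", "PrivEsc"),
    ("VulnScan", "SQLInjection", "WebShell", "DataExfil"),
    ("PortScan", "BruteForce", "PrivEsc", "DataExfil"),
    ("PortScan", "VulnScan", "BufferOverflow", "Backdoor"),
]


def deduplicate(session):
    """Collapse consecutive repeats of one alert type (redundancy reduction)."""
    out = []
    for alert in session:
        if not out or out[-1] != alert:
            out.append(alert)
    return tuple(out)


def mine_sequences(history, min_support=2, max_len=4):
    """Return {pattern: support} for every ordered subsequence (gaps allowed) of
    length 1..max_len that occurs in at least min_support sessions.

    Each session counts a pattern once. Enumeration is exponential in session
    length, which is acceptable for short high-level alert sessions; a
    production miner would use GSP or PrefixSpan instead.
    """
    support = Counter()
    for session in history:
        session = deduplicate(session)
        seen = set()
        for k in range(1, min(max_len, len(session)) + 1):
            for idx in combinations(range(len(session)), k):
                seen.add(tuple(session[i] for i in idx))
        support.update(seen)
    return {p: s for p, s in support.items() if s >= min_support}


def is_subsequence(pattern, observed):
    """True if every step of pattern occurs in observed, in order, gaps allowed."""
    it = iter(observed)
    return all(any(alert == step for alert in it) for step in pattern)


def predict_next(patterns, observed, top=3):
    """Rank likely next alerts for the alerts observed so far in one session.

    A mined pattern p votes for its last step when its context p[:-1] has
    already been observed in order and that step has not. Candidates are ranked
    by longest matching context first, then by confidence
    support(p) / support(p[:-1]). The context is always itself frequent, since
    a subsequence is never less frequent than its superpattern.
    """
    observed = deduplicate(observed)
    best = {}  # next step -> (context length, confidence)
    for p, s in patterns.items():
        if len(p) < 2 or p[-1] in observed:
            continue
        context, nxt = p[:-1], p[-1]
        if is_subsequence(context, observed):
            key = (len(context), s / patterns[context])
            if nxt not in best or key > best[nxt]:
                best[nxt] = key
    ranked = sorted(best.items(), key=lambda kv: (-kv[1][0], -kv[1][1], kv[0]))
    return [(nxt, conf) for nxt, (_, conf) in ranked[:top]]


if __name__ == "__main__":
    patterns = mine_sequences(HISTORY)
    live = ("PortScan", "VulnScan", "BufferOverflow")
    print(len(patterns), "frequent patterns mined")
    for step, conf in predict_next(patterns, live):
        print(f"after {live}: {step} (confidence {conf:.2f})")
```

With the constructed history, a live session that has shown a port scan, a vulnerability scan and a buffer overflow is predicted to continue with privilege escalation (3 of the 4 matching historical sessions) ahead of backdoor installation (2 of 4); data exfiltration only matches on the shorter scan-only context and ranks below both. The minimum-support threshold is what replaces the hand-written association rules the abstract criticises: a multistage pattern enters the model as soon as it recurs often enough in the alert history.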
Keywords :
data mining; security of data; advanced alert correlation system; association rule specification; attack scenario construction; correlativity calculation; data security; frequent attack sequence patterns; high level alert database; pattern matching; sequential mining technique; Artificial intelligence; Computer security; Correlation; Databases; File servers; History; Information security; Software engineering; correlativity; mining; sequential
Conference_Titel :
Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, 2007. SNPD 2007. Eighth ACIS International Conference on
Conference_Location :
Qingdao
Print_ISBN :
978-0-7695-2909-7
DOI :
10.1109/SNPD.2007.395