Title :
Automatic Attack Scenario Construction by Mining Meta-alert Sequences
Author :
Guo Fan ; Yu Min
Author_Institution :
Coll. of Comput. Inf. Eng., Jiang Xi Normal Univ., Nanchang, China
Abstract :
Researchers have been using intrusion scenarios to represent complicated attack procedures at a high level of abstraction, but, to the best of our knowledge, none of the existing approaches is able to produce the scenarios online. An automatic intrusion scenario construction method is proposed in this paper. According to the source and destination IP pair and the priority of the raw alerts, the method first clusters them into different meta-alert sequences, from which frequent closed sequences are mined to construct scenarios; after that, correlation rules between scenarios are mined based on their support. Experiments on Darpa99 and Darpa2000 show that the method can effectively discover attack procedures and run online.
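A toy end-to-end run of the three steps the abstract describes (cluster raw alerts into meta-alert sequences, mine frequent closed sequences as scenarios, derive correlation rules from their support), written here as an added example and not taken from the paper. The alert rows, the priority cut-off (Snort-style, 1 = highest), the brute-force candidate enumeration and the confidence threshold are all constructed assumptions, and the signature names are placeholders.

```python
from collections import defaultdict
from itertools import combinations

ALERTS = [  # constructed raw alerts: (time, src_ip, dst_ip, priority, signature)
    (1, "10.0.0.5", "10.0.0.9", 2, "ICMP_SWEEP"),
    (2, "10.0.0.5", "10.0.0.9", 2, "PORTSCAN"),
    (3, "10.0.0.5", "10.0.0.9", 1, "SADMIND_EXPLOIT"),
    (4, "10.0.0.5", "10.0.0.9", 1, "RSH_LOGIN"),
    (5, "10.0.0.7", "10.0.0.12", 2, "ICMP_SWEEP"),
    (6, "10.0.0.7", "10.0.0.12", 2, "PORTSCAN"),
    (7, "10.0.0.7", "10.0.0.12", 1, "SADMIND_EXPLOIT"),
    (8, "10.0.0.3", "10.0.0.9", 2, "PORTSCAN"),
    (9, "10.0.0.3", "10.0.0.9", 1, "SADMIND_EXPLOIT"),
    (10, "10.0.0.3", "10.0.0.9", 1, "RSH_LOGIN"),
]

def build_meta_alert_sequences(alerts, max_priority=3):
    # Step 1: priority cut-off (assumed), group by (src, dst) in time order, merge repeats
    groups = defaultdict(list)
    for _, src, dst, _, sig in sorted(a for a in alerts if a[3] <= max_priority):
        seq = groups[(src, dst)]
        if not seq or seq[-1] != sig:
            seq.append(sig)  # each element of the sequence is one meta-alert
    return dict(groups)

def is_subsequence(sub, seq):  # order-preserving match, gaps allowed
    it = iter(seq)
    return all(x in it for x in sub)

def mine_frequent_closed_sequences(sequences, min_sup):
    # Step 2: support counted once per sequence; closed = no frequent super-sequence with equal support
    support = defaultdict(int)
    for seq in sequences:
        for c in {tuple(seq[i] for i in idx) for r in range(1, len(seq) + 1)
                  for idx in combinations(range(len(seq)), r)}:
            support[c] += 1
    frequent = {c: s for c, s in support.items() if s >= min_sup}
    return {c: s for c, s in frequent.items() if not any(
        len(d) > len(c) and support[d] == s and is_subsequence(c, d) for d in frequent)}

def mine_correlation_rules(scenarios, sequences, min_conf):
    # Step 3: rule A -> B between distinct, non-nested scenarios, confidence sup(A,B)/sup(A)
    rules = {}
    for a in scenarios:
        for b in scenarios:
            if a == b or is_subsequence(a, b) or is_subsequence(b, a):
                continue
            joint = sum(is_subsequence(a, s) and is_subsequence(b, s) for s in sequences)
            if joint and joint / scenarios[a] >= min_conf:
                rules[(a, b)] = (joint, round(joint / scenarios[a], 2))
    return rules
```

With min_sup=2 the three sequences yield the scenarios ICMP_SWEEP>PORTSCAN>SADMIND_EXPLOIT, PORTSCAN>SADMIND_EXPLOIT>RSH_LOGIN and PORTSCAN>SADMIND_EXPLOIT; the brute-force enumeration is exponential in sequence length, so a real deployment needs a proper closed-sequence miner.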
Keywords :
data mining; security of data; alert database; automatic attack scenario construction; correlation rule; frequent closed sequence mining; intrusion detection system; intrusion scenario; meta-alert sequence mining; Correlation; Educational institutions; Electronic mail; Event detection; Intrusion detection; Knowledge engineering; Security; Sensor phenomena and characterization; Statistical analysis; frequent closed sequence; intrusion detection; intrusion scenario; meta-alert sequence;
Conference_Titel :
Web Mining and Web-based Application, 2009. WMWA '09. Second Pacific-Asia Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-0-7695-3646-0
DOI :
10.1109/WMWA.2009.13