Forecast of intrusion behavior based on interactive knowledge discovery

Forecasting intending intrusion according to intrusion preludes is vital in computer security. One novel intrusion behavior forecast system based on interactive knowledge discovery, which consists of off-line interactive knowledge discovery and on-line forecast, is put forward. As to the former, the algorithm of sequential pattern discovery, WINEPI, is introduced to implement interactive knowledge discovery so as to mine frequent sequential patterns, of intrusion behavior from historical intrusion, event dataset. A novel idea of correlating discovered short sequential patterns based on intrusion prerequisite and intrusion intention is proposed to build long sequential patterns. As to the on-line part of intrusion behavior forecast system, it employs inference engine developed in this paper to forecast intrusion behavior based on intrusion preludes and to discover forecast rules. This system changes passive data storage into active data usage and helps to achieve active defense. Application in the integrated network security monitor and defense system named Net-Keeper have shown that all forecast accuracies are greater than 75%, which proves this system is feasible.