Title :
Learning attack strategies through attack sequence mining method
Author :
Li, Wang ; Zhi-Tang, Li ; Jun, Fan
Author_Institution :
Dept. of Comput. Sci., Huazhong Univ. of Sci. & Technol., Wuhan
Abstract :
Since security audit data has increased so dramatically, management and analysis of this security data has become a challenging issue. In our system SATA (security alerts and threat analysis), we proposed a new method of learning multi-stage attack strategies through an attack sequence mining method to recognize attacker's high-level strategies and predict upcoming attack intentions. We first apply an attack sequence mining algorithm to mine attack behavior sequence patterns from the alarm database. We then correlate the attack behaviors matched with a certain attack sequence pattern to identify potential attack intentions. Our technique is easy to implement and it can be used to detect novel multi-stage attack strategies. The primary experiments show that our approach is effective and practical.
Keywords :
data mining; learning (artificial intelligence); security of data; attack sequence mining method; learning attack strategies; security alerts; security audit data; threat analysis; Aggregates; Computer science; Computer security; Data security; Filters; Intelligent sensors; Pattern matching; Performance analysis; Technology management; Transaction databases;
Conference_Titel :
Communication Technology, 2006. ICCT '06. International Conference on
Conference_Location :
Guilin
Print_ISBN :
1-4244-0800-8
Electronic_ISBN :
1-4244-0801-6
DOI :
10.1109/ICCT.2006.341980