DocumentCode :
2373804
Title :
Real-Time Correlation of Network Security Alerts
Author :
Li, Zhitang ; Zhang, Aifang ; Lei, Jie ; Wang, Li
Author_Institution :
Huazhong Univ. of Sci. & Technol., Wuhan
fYear :
2007
fDate :
24-26 Oct. 2007
Firstpage :
73
Lastpage :
80
Abstract :
With the growing deployment of network security devices, managing the large volume of security alerts they generate has become a major challenge. In this paper a novel method based on a sequential pattern mining algorithm is applied to discover complex multistage attack behavior patterns, and the mined patterns are transformed into correlation rules automatically. In contrast with other approaches, this removes the heavy dependence on precise attack specifications and hand-written rule definitions. Building on these algorithms, a real-time alert correlation system is proposed that detects an ongoing attack and predicts the next step of a multistage attack as it unfolds, so that network administrators become aware of the threat as early as possible and can take deliberate action to prevent further compromise of the attack's target. We implement the system and validate the method through a series of experiments on a test dataset and in a real network environment. The results show the effectiveness of the system in discovering and predicting attacks.
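The pipeline the abstract describes (mine frequent alert sequences, turn them into rules, then match a live alert stream against the rules to predict the attacker's next step) can be sketched in a few dozen lines. The block below is an added illustration written for this page, not the authors' implementation: it uses a simplified GSP-style level-wise miner in place of whatever algorithm the paper uses, the alert sessions and alert type names are constructed sample data, and the `max_track` bound and the longest-prefix-wins tie-break are design choices of this example.

```python
"""Sequential-pattern mining over alert sessions, rule generation, and a
real-time next-step predictor. Added illustration of the approach described
in the abstract; not the authors' code or algorithm."""
from collections import defaultdict

# Constructed sample data (not from the paper): each session is the ordered
# list of alert types raised for one attacker/victim pair.
SESSIONS = [
    ["port_scan", "ssh_brute", "root_shell", "data_exfil"],
    ["port_scan", "ssh_brute", "root_shell"],
    ["port_scan", "web_scan", "sqli", "data_exfil"],
    ["port_scan", "ssh_brute", "root_shell", "data_exfil"],
    ["web_scan", "sqli", "data_exfil"],
    ["port_scan", "web_scan", "sqli"],
]


def is_subsequence(pattern, seq):
    """True if every element of pattern occurs in seq in order (gaps allowed)."""
    it = iter(seq)
    return all(any(x == p for x in it) for p in pattern)


def mine_sequential_patterns(sessions, min_support):
    """Level-wise (GSP-style) mining: returns {pattern_tuple: support_count}.
    A (k+1)-pattern is only generated from a frequent k-pattern, so every
    prefix of a returned pattern is itself in the result."""
    items = sorted({a for s in sessions for a in s})

    def support(pat):
        return sum(1 for s in sessions if is_subsequence(pat, s))

    frequent = {}
    level = [(a,) for a in items if support((a,)) >= min_support]
    while level:
        for pat in level:
            frequent[pat] = support(pat)
        candidates = sorted({pat + (a,) for pat in level for a in items})
        level = [c for c in candidates if support(c) >= min_support]
    return frequent


def rules_from_patterns(frequent, min_confidence):
    """Turn each frequent pattern (p1..pk) into the rule p1..pk-1 -> pk with
    confidence support(p1..pk) / support(p1..pk-1)."""
    rules = defaultdict(list)
    for pat, sup in frequent.items():
        if len(pat) < 2:
            continue
        prefix = pat[:-1]
        confidence = sup / frequent[prefix]
        if confidence >= min_confidence:
            rules[prefix].append((pat[-1], confidence))
    return {p: sorted(v, key=lambda r: -r[1]) for p, v in rules.items()}


class RealTimeCorrelator:
    """Keeps one alert track per key (e.g. source IP) and, on every new alert,
    reports the most specific matching rule and its predicted next steps."""

    def __init__(self, rules, max_track=50):
        self.rules = rules
        self.max_track = max_track  # bound memory per tracked key (assumption)
        self.tracks = defaultdict(list)

    def observe(self, key, alert):
        track = self.tracks[key]
        track.append(alert)
        del track[:-self.max_track]
        # Rule prefixes are matched as subsequences, so unrelated alerts
        # interleaved in the stream do not break the match.
        matching = [p for p in self.rules if is_subsequence(p, track)]
        if not matching:
            return None
        # Prefer the longest matching prefix, then the most confident rule.
        best = max(matching, key=lambda p: (len(p), self.rules[p][0][1]))
        return {"matched": best, "predicted": self.rules[best]}


if __name__ == "__main__":
    patterns = mine_sequential_patterns(SESSIONS, min_support=3)
    rules = rules_from_patterns(patterns, min_confidence=0.5)
    correlator = RealTimeCorrelator(rules)
    # A noisy live stream: the unrelated dns_anomaly does not break the chain.
    for alert in ["port_scan", "dns_anomaly", "ssh_brute"]:
        print(alert, "->", correlator.observe("10.0.0.5", alert))
```

Two practical caveats follow directly from the code. Mining is offline and quadratic-ish in the number of candidate patterns, so in practice it runs periodically over sessionized historical alerts while only the rule table is consulted per live alert; and because a track never expires here, a production correlator needs a time window or idle timeout per key, otherwise a slow attacker and an old false positive look alike.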
Keywords :
data mining; security of data; multistage attack behavior patterns; network administrator; network security alerts; real-time alert correlation system; real-time correlation; sequential pattern mining algorithm; Computer network management; Computer networks; Computer security; Conference management; Data security; Engineering management; Information security; Real time systems; System testing; Technology management;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
e-Business Engineering, 2007. ICEBE 2007. IEEE International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-0-7695-3003-1
Type :
conf
DOI :
10.1109/ICEBE.2007.69
Filename :
4402077