DocumentCode
2918433
Title
A novel algorithm SF for mining attack scenarios model
Author
Li, Wang ; Zhi-tang, Li ; Jie, Lei ; Yao, Li
Author_Institution
Dept. of Comput. Sci., Huazhong Univ. of Sci. & Technol., Wuhan
fYear
2006
fDate
Oct. 2006
Firstpage
55
Lastpage
61
Abstract
A large volume of security data can overwhelm security managers and keep them from performing effective analysis and initiating timely response. Therefore, it is important to develop an advanced alert correlation system to reduce alert redundancy, intelligently correlate security alerts and detect attack strategies. In our system, we introduced a statistical filtering method in attack plan recognition. We apply statistical-based techniques to filter out separated and scattered attack behavior and mine frequent attack sequence patterns from the remainder. We use correlativity between two elements in frequent attack sequences to correlate the attack behavior and identify potential attack intentions based on it. We evaluate our approaches using DARPA 2000 data sets. The experiment shows that our approach can effectively discover attack scenarios in reality, provide a quantitative analysis of attack scenarios.
Keywords
correlation methods; data mining; filtering theory; security of data; statistical analysis; advanced alert correlation system; attack plan recognition; data security; frequent attack sequence pattern mining; statistical filtering; Algorithm design and analysis; Computer science; Computer security; Correlation; Data security; Information security; Intelligent sensors; Intrusion detection; Performance analysis; Technology management;
fLanguage
English
Publisher
ieee
Conference_Titel
e-Business Engineering, 2006. ICEBE '06. IEEE International Conference on
Conference_Location
Shanghai
Print_ISBN
0-7695-2645-4
Type
conf
DOI
10.1109/ICEBE.2006.9
Filename
4031633