• DocumentCode
    3291661
  • Title
    Automatic Attack Scenario Construction by Mining Meta-alert Sequences
  • Author
    Guo Fan ; Yu Min
  • Author_Institution
    Coll. of Comput. Inf. Eng., Jiang Xi Normal Univ., Nanchang, China
  • fYear
    2009
  • fDate
    6-7 June 2009
  • Firstpage
    149
  • Lastpage
    153
  • Abstract
    Researchers have been using intrusion scenarios to represent complicated attack procedures at a high abstraction level, while, to the best of our knowledge, none is able to produce the scenarios online. An automatic intrusion scenario construction method is proposed in this paper. According to the source and destination IP pair and the priority of the raw alerts, the method first clusters them into different meta-alert sequences, from which frequent closed sequences are mined to construct scenarios; after that, correlation rules between scenarios are mined based on their support. Experiments on DARPA99 and DARPA2000 show that the method can effectively discover attack procedures and run online.
  • Keywords
    data mining; security of data; alert database; automatic attack scenario construction; correlation rule; frequent closed sequence mining; intrusion detection system; intrusion scenario; meta-alert sequence mining; Correlation; Educational institutions; Electronic mail; Event detection; Intrusion detection; Knowledge engineering; Security; Sensor phenomena and characterization; Statistical analysis; frequent closed sequence; intrusion detection; intrusion scenario; meta-alert sequence;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Web Mining and Web-based Application, 2009. WMWA '09. Second Pacific-Asia Conference on
  • Conference_Location
    Wuhan
  • Print_ISBN
    978-0-7695-3646-0
  • Type
    conf
  • DOI
    10.1109/WMWA.2009.13
  • Filename
    5232489