• DocumentCode
    3758874
  • Title

    An alert correlation algorithm based on the sequence pattern mining

  • Author

    Yanli Lv;Shuang Xiang;Jingxin Geng;Yuanlong Li;Chunhe Xia

  • Author_Institution
    Beijing Key Laboratory of Network Technology, Beihang University, Information center of Ministry of Science and Technology of the People´s Republic of China, Beijing, P.R. China
  • fYear
    2015
  • Firstpage
    1146
  • Lastpage
    1151
  • Abstract
    Sequence correlation method has limits in unknown attacks identification and requires pre-defining the causal relationship between attack behavior. To solve this problem, an alert correlation algorithm, denoted as TPrefixSpan, based on the sequence pattern mining is proposed in this paper, based on PrefixSpan algorithm, TPrefixSpan algorithm introduces time interval that can thoroughly narrow, the search space, then time cost on repeated dataset scan in the sequence pattern mining is greatly saved, the efficiency of the PrefixSpan algorithm is ensured. Compared with PrefixSpan algorithm, TPrefixSpan algorithm generates much precise attacks identification. In order to visualize the correlation rules better, a sequence diagram generation algorithm of attack behavior is put forward.
  • Keywords
    "Decision support systems","Correlation","Algorithm design and analysis"
  • Publisher
    ieee
  • Conference_Titel
    Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), 2015 IEEE
  • Print_ISBN
    978-1-4799-1979-6
  • Type

    conf

  • DOI
    10.1109/IAEAC.2015.7428739
  • Filename
    7428739
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3758874