Title :
An alert correlation algorithm based on the sequence pattern mining
Author :
Yanli Lv;Shuang Xiang;Jingxin Geng;Yuanlong Li;Chunhe Xia
Author_Institution :
Beijing Key Laboratory of Network Technology, Beihang University, Information center of Ministry of Science and Technology of the People´s Republic of China, Beijing, P.R. China
Abstract :
Sequence correlation method has limits in unknown attacks identification and requires pre-defining the causal relationship between attack behavior. To solve this problem, an alert correlation algorithm, denoted as TPrefixSpan, based on the sequence pattern mining is proposed in this paper, based on PrefixSpan algorithm, TPrefixSpan algorithm introduces time interval that can thoroughly narrow, the search space, then time cost on repeated dataset scan in the sequence pattern mining is greatly saved, the efficiency of the PrefixSpan algorithm is ensured. Compared with PrefixSpan algorithm, TPrefixSpan algorithm generates much precise attacks identification. In order to visualize the correlation rules better, a sequence diagram generation algorithm of attack behavior is put forward.
Keywords :
"Decision support systems","Correlation","Algorithm design and analysis"
Conference_Titel :
Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), 2015 IEEE
Print_ISBN :
978-1-4799-1979-6
DOI :
10.1109/IAEAC.2015.7428739
