Discovering Novel Multistage Attack Patterns in Alert Streams

Ai-fang Zhang; Li Wang; Zhi-tang Li; Dong Li

doi:10.1109/NAS.2007.20

N
NAS
2007
International Conference on Networking, Architecture, and Storage (NAS 2007)
Abstract - Discovering Novel Multistage Attack Patterns in Alert Streams

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Ai-fang Zhang Articles by Zhi-tang Li Articles by Dong Li Articles by Li Wang

International Conference on Networking, Architecture, and Storage (NAS 2007)

Discovering Novel Multistage Attack Patterns in Alert Streams

Guilin, China

July 29-July 31

ISBN: 0-7695-2927-5

	ASCII Text	x
	Ai-fang Zhang, Zhi-tang Li, Dong Li, Li Wang, "Discovering Novel Multistage Attack Patterns in Alert Streams," Networking, Architecture, and Storage, International Conference on, pp. 115-121, International Conference on Networking, Architecture, and Storage (NAS 2007), 2007.

	BibTex	x
	@article{ 10.1109/NAS.2007.20, author = {Ai-fang Zhang and Zhi-tang Li and Dong Li and Li Wang}, title = {Discovering Novel Multistage Attack Patterns in Alert Streams}, journal ={Networking, Architecture, and Storage, International Conference on}, volume = {0}, year = {2007}, isbn = {0-7695-2927-5}, pages = {115-121}, doi = {http://doi.ieeecomputersociety.org/10.1109/NAS.2007.20}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Networking, Architecture, and Storage, International Conference on TI - Discovering Novel Multistage Attack Patterns in Alert Streams SN - 0-7695-2927-5 SP115 EP121 A1 - Ai-fang Zhang, A1 - Zhi-tang Li, A1 - Dong Li, A1 - Li Wang, PY - 2007 KW - null VL - 0 JA - Networking, Architecture, and Storage, International Conference on ER -

Ai-fang Zhang, Huazhong University of Science & Technology, China

Zhi-tang Li, Huazhong University of Science & Technology, China

Dong Li, Huazhong University of Science & Technology, China

Li Wang, Huazhong University of Science & Technology, China

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/NAS.2007.20

With the growing deployment of network security devices, the large volume of alerts gathered from these devices often overwhelm the administrator, and make it almost impossible to discover complicated multistage attacks in time. It is necessary to develop a real-time system to detect the ongoing attacks and predict the upcoming next step of a multistage attack in alert streams, using known attack patterns. So it is a key mission to make sure that the pattern definition is correct, complete and up to date. In this paper, a classical data mining algorithm is used to help us discover attack patterns, construct and maintain rules. It can overcome the highly dependent on knowledge of experts, time-consuming and error-prone drawbacks in previous approaches using manual analysis. Unfortunately, for a dynamic network environment where novel attack strategies appear continuously, the method shows a limited capability to detect the novel attack patterns. We can address the problem by presenting a novel approach using incremental mining algorithm to discover new attack patterns that appear recently. A series of experiments show the validity of the methods in this paper.

Citation:

Ai-fang Zhang, Zhi-tang Li, Dong Li, Li Wang, "Discovering Novel Multistage Attack Patterns in Alert Streams," nas, pp.115-121, International Conference on Networking, Architecture, and Storage (NAS 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.