Fourth International Conference on Fuzzy Systems and Knowledge Discovery (FSKD 2007)
Haikou, Hainan, China
Aug. 24, 2007 to Aug. 27, 2007
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/FSKD.2007.15
Zhi-tang Li , Huazhong University
Jie Lei , Huazhong University
Li Wang , Huazhong University
Dong Li , Huazhong University
A network attack graph provides a global view of all possible sequences of exploits which an intruder may use to penetrate a system. Attack graphs can be generated by model checking techniques or intrusion alert correlation. In this paper we propose a data mining approach to generating attack graphs. Through association rule mining, the algorithm generates multi-step attack patterns from historical intrusion alerts; these patterns comprise the attack graph. The algorithm also calculates the predictability of each attack scenario in the attack graph, which represents the probability that the corresponding attack scenario is the precursor of future attacks. Real-time intrusion alerts can then be correlated to attack scenarios and ranked by their predictability scores. The ranking result helps identify the appropriate evidence for intrusion prediction from a large volume of raw intrusion alerts. The approach is validated on the DARPA 2000 and DARPA 1999 intrusion detection evaluation datasets.
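The pipeline the abstract sketches, worked through on constructed data as an added illustration (this is not the paper's code, and its scoring details are assumptions): ordered association rules are mined from historical alert sessions, the surviving rules become attack-graph edges, every path from a root of the graph is treated as one attack scenario, a scenario's predictability is taken as the fraction of historical sessions in which it was followed by at least one further alert, and live alert sequences are correlated to the longest scenario they contain and ranked by that score. The alert names, sessions and source addresses are made up; the paper's own mining and scoring rules are not reproduced here.

```python
"""Mine an attack graph from historical intrusion alerts with ordered
association rules, score each scenario with a predictability value and
rank live alerts by that score.  Added illustration, not the paper's code:
alert names, sessions and the exact scoring rule are constructed."""
from collections import Counter, defaultdict

# Constructed historical alert sessions: one time-ordered list of alert
# types per attacking source, as an alert-correlation stage would group them.
HISTORY = [
    ["PORT_SCAN", "RPC_PROBE", "RPC_EXPLOIT", "ROOT_SHELL", "DDOS_AGENT"],
    ["PORT_SCAN", "RPC_PROBE", "RPC_EXPLOIT", "ROOT_SHELL"],
    ["PORT_SCAN", "RPC_PROBE"],
    ["PORT_SCAN", "WEB_SCAN"],
    ["PORT_SCAN", "RPC_PROBE", "RPC_EXPLOIT", "ROOT_SHELL", "DDOS_AGENT"],
    ["WEB_SCAN", "SQLI_ATTEMPT"],
    ["WEB_SCAN"],
    ["PORT_SCAN"],
]


def mine_rules(sessions, min_support=2, min_confidence=0.5):
    """Mine ordered rules a -> b meaning 'alert b directly followed alert a'
    (assumption: consecutive steps only).  Support is the number of sessions
    containing the pair; confidence is support(a -> b) / support(a).  Rules
    passing both thresholds are the edges of the attack graph."""
    pair_support = Counter()
    item_support = Counter()
    for session in sessions:
        item_support.update(set(session))
        pair_support.update(set(zip(session, session[1:])))
    rules = {}
    for (a, b), sup in pair_support.items():
        conf = sup / item_support[a]
        if sup >= min_support and conf >= min_confidence:
            rules[(a, b)] = conf
    return rules


def build_graph(rules):
    """Adjacency list of the attack graph from the mined rules."""
    graph = defaultdict(list)
    for a, b in rules:
        graph[a].append(b)
    return graph


def enumerate_scenarios(graph):
    """Every simple path starting at a node with no incoming edge; each
    path (including its prefixes) is one multi-step attack scenario."""
    targets = {b for succs in graph.values() for b in succs}
    roots = [a for a in graph if a not in targets]
    scenarios = []

    def walk(path):
        scenarios.append(tuple(path))
        for nxt in graph.get(path[-1], []):
            if nxt not in path:  # guard against cycles in the graph
                walk(path + [nxt])

    for root in roots:
        walk([root])
    return scenarios


def _occurs_at(session, scenario):
    """Start indexes where scenario is a contiguous run inside session."""
    n = len(scenario)
    return [i for i in range(len(session) - n + 1)
            if tuple(session[i:i + n]) == scenario]


def predictability(scenario, sessions):
    """Fraction of sessions containing the scenario in which at least one
    further alert followed it (assumed scoring rule; 0.0 if never seen)."""
    occurred = followed = 0
    for session in sessions:
        hits = _occurs_at(session, scenario)
        if hits:
            occurred += 1
            if any(i + len(scenario) < len(session) for i in hits):
                followed += 1
    return followed / occurred if occurred else 0.0


def rank_live_alerts(live, scenarios, sessions):
    """Correlate each live alert sequence to the longest scenario it contains
    and rank sources by that scenario's predictability, highest first."""
    scores = {s: predictability(s, sessions) for s in scenarios}
    ranked = []
    for source, alerts in live.items():
        matches = [s for s in scenarios if _occurs_at(alerts, s)]
        best = max(matches, key=len) if matches else ()
        ranked.append((source, best, scores.get(best, 0.0)))
    ranked.sort(key=lambda r: (-r[2], r[0]))
    return ranked


# Constructed live alerts, keyed by (made-up) attacking source address.
LIVE = {
    "10.0.0.5": ["PORT_SCAN", "RPC_PROBE", "RPC_EXPLOIT"],
    "10.0.0.9": ["PORT_SCAN"],
    "10.0.0.7": ["WEB_SCAN"],
}

if __name__ == "__main__":
    mined = mine_rules(HISTORY)
    paths = enumerate_scenarios(build_graph(mined))
    for source, scenario, score in rank_live_alerts(LIVE, paths, HISTORY):
        print(f"{source}: {' -> '.join(scenario) or '(no scenario)'} "
              f"predictability={score:.2f}")
```

On this data the chain PORT_SCAN -> RPC_PROBE -> RPC_EXPLOIT -> ROOT_SHELL -> DDOS_AGENT survives the thresholds while the single WEB_SCAN -> SQLI_ATTEMPT observation does not, and the source that has completed three steps of the chain is ranked above the one that has only scanned, which is the prioritisation the abstract describes. Note that the score of the full chain is 0.0, since nothing ever followed it in the history: a completed scenario is no longer a precursor, so the ranking favours sources that are mid-way through a known pattern.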
J. Lei, D. Li, Z. Li and L. Wang, "A Data Mining Approach to Generating Network Attack Graph for Intrusion Prediction," 2007 International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), Haikou, 2007, pp. 307-311.