2006 IEEE International Conference on e-Business Engineering (ICEBE'06) (2006)
Shanghai, China
Oct. 24, 2006 to Oct. 26, 2006
ISBN: 0-7695-2645-4
pp: 55-61
Wang Li, Huazhong University of Science and Technology, Hubei Wuhan 430074, China
Li Zhi-tang, Huazhong University of Science and Technology, Hubei Wuhan 430074, China
Lei Jie, Huazhong University of Science and Technology, Hubei Wuhan 430074, China
Li Yao, Huazhong University of Science and Technology, Hubei Wuhan 430074, China
ABSTRACT
A large volume of security data can overwhelm security managers and keep them from performing effective analysis and initiating a timely response. Therefore, it is important to develop an advanced alert correlation system to reduce alert redundancy, intelligently correlate security alerts, and detect attack strategies. In our system, we introduce a Statistical Filtering method for attack plan recognition. We apply statistics-based techniques to filter out separated and scattered attack behavior and mine frequent attack sequence patterns from the remainder. We use the correlativity between two elements in frequent attack sequences to correlate attack behavior and identify potential attack intentions. We evaluate our approach using the DARPA 2000 data sets. The experiment shows that our approach can effectively discover attack scenarios in reality and provide a quantitative analysis of attack scenarios.
CITATION

L. Yao, W. Li, L. Zhi-tang and L. Jie, "A novel algorithm SF for mining attack scenarios model," 2006 IEEE International Conference on e-Business Engineering (ICEBE'06), Shanghai, China, 2006, pp. 55-61.
doi:10.1109/ICEBE.2006.9