2007 International Conference on Networking, Architecture, and Storage (NAS 2007) (2007)
July 29, 2007 to July 31, 2007
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/NAS.2007.20
Ai-fang Zhang , Huazhong University of Science & Technology, China
Zhi-tang Li , Huazhong University of Science & Technology, China
Dong Li , Huazhong University of Science & Technology, China
Li Wang , Huazhong University of Science & Technology, China
With the growing deployment of network security devices, the large volume of alerts gathered from them often overwhelms the administrator and makes it almost impossible to discover complicated multistage attacks in time. A real-time system is needed that detects ongoing attacks in the alert stream and predicts the upcoming step of a multistage attack from known attack patterns, so it is essential that the pattern definitions are correct, complete and up to date. In this paper, a classical data mining algorithm is used to discover attack patterns and to construct and maintain rules. This avoids the drawbacks of previous approaches based on manual analysis: heavy dependence on expert knowledge, and work that is time-consuming and error-prone. In a dynamic network environment where novel attack strategies appear continuously, however, this method shows only limited capability to detect new attack patterns. We address the problem with a novel approach that uses an incremental mining algorithm to discover attack patterns that have appeared recently. A series of experiments shows the validity of the methods presented in this paper.
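As an added illustration, not code from the paper (the page names neither the classical mining algorithm nor the incremental one), the following Python sketches the workflow the abstract describes: mine frequent ordered alert sequences from historical attack sessions, fold later batches into the existing support counts instead of re-mining from scratch so that newly frequent patterns surface, and use the mined patterns to predict the next step of an ongoing session. The alert signature names, the grouping of alerts into per-attacker sessions, the minimum support, the cap on pattern length and the exhaustive subsequence enumeration are all assumptions; the sessions are constructed sample data.

```python
from collections import Counter
from itertools import combinations

MAX_LEN = 4  # longest attack pattern enumerated (assumption; keeps enumeration cheap)

# Constructed sample data: each session is the ordered list of alert signatures
# raised for one attacker/victim pair, as a correlation engine might group them.
HISTORICAL_SESSIONS = [
    ["PortScan", "SshBruteForce", "SshLogin", "PrivEsc"],
    ["PortScan", "SshBruteForce", "SshLogin"],
    ["PortScan", "SshBruteForce"],
    ["IcmpSweep", "PortScan", "SshBruteForce", "SshLogin"],
    ["PortScan", "WebScan"],
]
# A later batch in which a web-application attack chain appears for the first time.
NEW_SESSIONS = [
    ["PortScan", "WebScan", "SqlInjection", "WebShell"],
    ["PortScan", "WebScan", "SqlInjection", "WebShell"],
    ["WebScan", "SqlInjection", "WebShell"],
]


def subsequences(session, max_len=MAX_LEN):
    """Ordered (not necessarily contiguous) subsequences of length 2..max_len.
    Returned as a set so that a session supports each pattern at most once."""
    found = set()
    for n in range(2, min(max_len, len(session)) + 1):
        for idx in combinations(range(len(session)), n):
            found.add(tuple(session[i] for i in idx))
    return found


def is_subseq(short, long):
    """True if `short` occurs in `long` in order (gaps allowed)."""
    it = iter(long)
    return all(step in it for step in short)


class IncrementalPatternMiner:
    """Keeps per-pattern support counts so that a new alert batch only costs
    work proportional to its own size; nothing is re-mined from scratch."""

    def __init__(self, min_support=0.3):
        self.min_support = min_support   # fraction of sessions (assumption)
        self.counts = Counter()
        self.n_sessions = 0

    def add_sessions(self, sessions):
        """Fold a new batch into the counts and return the patterns that became
        frequent because of this batch (the 'novel attack patterns')."""
        before = self.frequent()
        for session in sessions:
            self.n_sessions += 1
            self.counts.update(subsequences(session))
        return self.frequent() - before

    def frequent(self):
        if self.n_sessions == 0:
            return set()
        return {p for p, c in self.counts.items()
                if c / self.n_sessions >= self.min_support}

    def maximal(self):
        """Frequent patterns not contained in a longer frequent pattern; these
        are the candidates worth turning into correlation rules."""
        freq = self.frequent()
        return {p for p in freq
                if not any(p != q and is_subseq(p, q) for q in freq)}

    def predict_next(self, prefix):
        """Rank the likely next alert for a session whose steps so far are
        `prefix`, by the support of each frequent prefix+step pattern."""
        if self.n_sessions == 0:
            return []
        k = len(prefix)
        prefix = tuple(prefix)
        scores = Counter()
        for p, c in self.counts.items():
            if (len(p) == k + 1 and p[:k] == prefix
                    and c / self.n_sessions >= self.min_support):
                scores[p[k]] = c
        return scores.most_common()


if __name__ == "__main__":
    miner = IncrementalPatternMiner()
    print("rules from history:", sorted(miner.add_sessions(HISTORICAL_SESSIONS)))
    print("after PortScan, expect:", miner.predict_next(["PortScan"]))
    print("after WebScan,SqlInjection:", miner.predict_next(["WebScan", "SqlInjection"]))
    print("newly frequent:", sorted(miner.add_sessions(NEW_SESSIONS)))
    print("after WebScan,SqlInjection:", miner.predict_next(["WebScan", "SqlInjection"]))
    print("maximal rules:", sorted(miner.maximal()))
```

Two points worth noticing when running it. Before the second batch, the prefix ["WebScan", "SqlInjection"] yields no prediction at all; after the batch is folded in, the chain ending in "WebShell" is both reported as newly frequent and used for prediction, which is the gap the incremental step is meant to close. Because gaps are allowed in the subsequences, ("PortScan", "SshLogin") also scores as a candidate next step after "PortScan"; a deployment would bound the gap or use a time window, and it would also watch the effect of a relative minimum support, since a large batch can push a once-frequent pattern below the threshold as easily as it promotes a new one.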
L. Wang, Z. Li, D. Li and A. Zhang, "Discovering Novel Multistage Attack Patterns in Alert Streams," 2007 International Conference on Networking, Architecture, and Storage (NAS 2007), Guilin, China, 2007, pp. 115-121.