Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007) (2007)
Qingdao
July 30, 2007 to Aug. 1, 2007
ISBN: 0-7695-2909-7
pp: 872-877
Wang Li, Huazhong University of Science and Technology, China
Li Zhi-tang, Huazhong University of Science and Technology, China
Li Dong, Huazhong University of Science and Technology, China
Lei Jie, Huazhong University of Science and Technology, China
ABSTRACT
The continuously increasing volume of security data makes it important to develop an advanced alert correlation system that can reduce alert redundancy, intelligently correlate security alerts, and detect attack strategies. In this paper, we propose a new method of constructing attack scenarios in order to recognize an attacker's high-level strategies and predict upcoming attack intentions. We mine frequent attack sequence patterns from a historical high-level alert database. We then construct attack scenario models through online attack behavior pattern matching and correlativity calculation. Our technique overcomes the drawback of manual association rule specification used in other relevant systems. Compared with other existing techniques, it is easy to implement and can be used to detect novel multi-stage attack strategies. Experiments show that our approach can effectively construct attack scenarios and accordingly predict the next most likely attack behavior.
INDEX TERMS
attack scenario construction, sequential mining, correlativity
CITATION

L. Jie, W. Li, L. Zhi-tang and L. Dong, "Attack scenario construction with a new sequential mining technique," Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007), Haier International Training Center, Qingdao, China, 2007, pp. 872-877.
doi:10.1109/SNPD.2007.395