Research on discovering multi-step attack patterns based on clustering IDS alert sequences

Bibliographic Details
Main Authors: MEI Hai-bin, GONG Jian, ZHANG Ming-hua
Format: Article
Language: Chinese (zho)
Published: Editorial Department of Journal on Communications 2011-01-01
Series: Tongxin xuebao (Journal on Communications)
Subjects:
Online Access:http://www.joconline.com.cn/zh/article/74418776/
Description
Summary: A method of discovering multi-step attack patterns from IDS alert data is studied. An alert similarity function is defined and used to construct the set of attack activity sequences. Sequence alignment is then used to cluster similar attack activity sequences, and the multi-step attack pattern within each cluster is discovered automatically by a longest-common-subsequence extraction algorithm based on dynamic programming. The method does not depend on large amounts of prior knowledge, needs few configuration parameters and is easy to implement. Experimental results demonstrate its effectiveness.
ISSN:1000-436X
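The summary describes a three-stage pipeline (alerts to activity sequences, alignment-based clustering, LCS extraction per cluster). The following is an added illustration of that pipeline shape, not the authors' code: the alert fields, the similarity rule (same source/destination pair within a time window), the alignment score (LCS length over the longer sequence), the single-linkage threshold and the sample alerts are all assumptions constructed here, and the paper's own definitions of these are not reproduced.

```python
"""Added illustration of LCS-based multi-step attack pattern discovery.

NOT the paper's code. Alert fields, the similarity rule, the alignment
score, the clustering threshold and the sample alerts are assumptions
made for this example.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Alert:
    ts: int     # seconds since start of capture (constructed)
    src: str    # source address
    dst: str    # destination address
    sig: str    # IDS signature name


def alert_similar(a, b, window=600):
    """Assumed similarity rule: same (src, dst) pair within `window` seconds."""
    return a.src == b.src and a.dst == b.dst and abs(a.ts - b.ts) <= window


def build_sequences(alerts):
    """Chain similar alerts (time-ordered) into attack activity sequences;
    each sequence is returned as the list of its signature names."""
    seqs = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for s in seqs:
            if alert_similar(s[-1], a):
                s.append(a)
                break
        else:
            seqs.append([a])
    return [[a.sig for a in s] for s in seqs]


def lcs(x, y):
    """Longest common subsequence by dynamic programming (returns the subsequence)."""
    n, m = len(x), len(y)
    L = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n):
        for j in range(m):
            L[i + 1][j + 1] = L[i][j] + 1 if x[i] == y[j] else max(L[i][j + 1], L[i + 1][j])
    out, i, j = [], n, m
    while i and j:                      # backtrack through the score table
        if x[i - 1] == y[j - 1]:
            out.append(x[i - 1]); i -= 1; j -= 1
        elif L[i - 1][j] >= L[i][j - 1]:
            i -= 1
        else:
            j -= 1
    return out[::-1]


def alignment_similarity(x, y):
    """Assumed alignment score in [0, 1]: LCS length over the longer sequence."""
    return len(lcs(x, y)) / max(len(x), len(y))


def cluster_sequences(seqs, threshold=0.6):
    """Single-linkage clustering via union-find: sequences scoring >= threshold join."""
    parent = list(range(len(seqs)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(seqs)), 2):
        if alignment_similarity(seqs[i], seqs[j]) >= threshold:
            parent[find(i)] = find(j)
    clusters = {}
    for i in range(len(seqs)):
        clusters.setdefault(find(i), []).append(seqs[i])
    return list(clusters.values())


def extract_pattern(cluster):
    """Fold pairwise LCS over the cluster. For 3+ sequences this is a heuristic
    common subsequence (exact multi-sequence LCS is NP-hard in general)."""
    pattern = cluster[0]
    for s in cluster[1:]:
        pattern = lcs(pattern, s)
    return pattern


def discover_patterns(alerts, threshold=0.6, min_size=2):
    """Full pipeline; clusters of fewer than min_size sequences are single
    incidents, not recurring patterns, and are dropped."""
    clusters = cluster_sequences(build_sequences(alerts), threshold)
    return [extract_pattern(c) for c in clusters if len(c) >= min_size]


# Constructed sample: three intrusions sharing a scan -> SMB brute force ->
# login -> remote execution chain, plus one unrelated DNS tunnelling pair.
SAMPLE_ALERTS = [
    Alert(0, "10.0.0.5", "192.168.1.10", "ICMP_SWEEP"),
    Alert(60, "10.0.0.5", "192.168.1.10", "PORT_SCAN"),
    Alert(120, "10.0.0.5", "192.168.1.10", "SMB_BRUTE"),
    Alert(180, "10.0.0.5", "192.168.1.10", "SMB_LOGIN_OK"),
    Alert(240, "10.0.0.5", "192.168.1.10", "PSEXEC"),
    Alert(10, "10.0.0.9", "192.168.1.20", "PORT_SCAN"),
    Alert(70, "10.0.0.9", "192.168.1.20", "SMB_BRUTE"),
    Alert(130, "10.0.0.9", "192.168.1.20", "SMB_LOGIN_OK"),
    Alert(190, "10.0.0.9", "192.168.1.20", "PSEXEC"),
    Alert(20, "10.0.0.7", "192.168.1.30", "PORT_SCAN"),
    Alert(80, "10.0.0.7", "192.168.1.30", "WEB_SCAN"),
    Alert(140, "10.0.0.7", "192.168.1.30", "SMB_BRUTE"),
    Alert(200, "10.0.0.7", "192.168.1.30", "SMB_LOGIN_OK"),
    Alert(260, "10.0.0.7", "192.168.1.30", "PSEXEC"),
    Alert(30, "172.16.0.3", "192.168.1.40", "DNS_TUNNEL"),
    Alert(90, "172.16.0.3", "192.168.1.40", "DNS_TUNNEL"),
]


def demo():
    return discover_patterns(SAMPLE_ALERTS)


if __name__ == "__main__":
    for p in demo():
        print(" -> ".join(p))
```

On the constructed sample the three intrusions cluster together (pairwise scores of 0.8) while the DNS pair stays alone and is dropped, and the folded LCS yields the shared four-step chain even though one sequence has a leading sweep and another an interleaved web scan. In practice the threshold and the time window are the two parameters that decide whether noisy or interleaved alerts are merged or split, which is where the summary's claim of "few configuration parameters" has to be checked against real alert volumes.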