Research on discovering multi-step attack patterns based on clustering IDS alert sequences

A method of discovering multi-step attack patterns from alert data was studied. An alert similarity function was defined to construct the set of attack activity sequences. Sequence alignment technology was used to cluster the similar attack activity sequences. Multi-step attack patterns in a cluster were automatically discovered by the longest common subsequence extraction algorithm based on the idea of dynamic programming. The proposed method did not depend on large amounts of prior knowledge. Few configuration parameters were needed and it was easy to implement. Experimental results demonstrate the effectiveness of the proposed method.


Bibliographic Details
Main Authors: MEI Hai-bin1, GONG Jian1, ZHANG Ming-hua2
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2011-01-01
Series: Tongxin xuebao
Subjects: intrusion detection; alert correlation; multi-step attack; clustering
Online Access: http://www.joconline.com.cn/zh/article/74418776/
collection DOAJ
description A method of discovering multi-step attack patterns from alert data was studied. An alert similarity function was defined to construct the set of attack activity sequences. Sequence alignment technology was used to cluster the similar attack activity sequences. Multi-step attack patterns in a cluster were automatically discovered by the longest common subsequence extraction algorithm based on the idea of dynamic programming. The proposed method did not depend on large amounts of prior knowledge. Few configuration parameters were needed and it was easy to implement. Experimental results demonstrate the effectiveness of the proposed method.
format Article
id doaj-art-94ea4f073d7e496ca86e7b0441e5a8f5
institution Kabale University
issn 1000-436X
language zho
publishDate 2011-01-01
publisher Editorial Department of Journal on Communications
record_format Article
series Tongxin xuebao
topic intrusion detection
alert correlation
multi-step attack
clustering