Abstract | ||
---|---|---|
A network attack graph provides a global view of all possible sequences of exploits which an intruder may use to penetrate a system. Attack graphs can be generated by model checking techniques or intrusion alert correlation. In this paper we proposed a data mining approach to generating attack graphs. Through association rule mining, the algorithm generates multi-step attack patterns from historical intrusion alerts which comprise the attack graphs. The algorithm also calculates the predictability of each attack scenario in the attack graph which represents the probability for the corresponding attack scenario to be the precursor of future attacks. Then the real-time intrusion alerts can be correlated to attack scenarios and ranked by the predictability scores. The ranking result can help identify the appropriate evidence for intrusion prediction from a large volume of raw intrusion alerts. The approach is validated by DARPA 2000 and DARPA 1999 intrusion detection evaluation datasets. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1109/FSKD.2007.15 | FSKD (4) |
Keywords | Field | DocType |
data mining,probability,association rule mining,model checking,intrusion detection,real time | Data mining,Predictability,Model checking,Attack patterns,Intrusion,Ranking,Computer science,Exploit,Association rule learning,Artificial intelligence,Intrusion detection system,Machine learning | Conference |
Volume | Issue | ISBN |
4 | null | 0-7695-2874-0 |
Citations | PageRank | References |
12 | 0.68 | 12 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Zhitang Li | 1 | 226 | 31.89 |
Lei Jie | 2 | 37 | 4.56 |
Li Wang | 3 | 12 | 0.68 |
Dong Li | 4 | 44 | 5.18 |