Automatic multi-step attack pattern discovering
نویسندگان
چکیده
Current techniques employed in security alert correlation area for multi-step attack recognition purpose are intricate to be performed due to the complexity of the methods and huge computing workload generated during alert analysis and processing. In this paper, we proposed a new method of alert correlation aiming at providing concentrated security event information and thus finding multi-step attack patterns accordingly. We use a kind of extension time window when aggregate the alerts into high level alerts. We then connect hyper alerts into candidate multistep attack patterns according to their IP address association. The final real multi-step attack patterns are discovered from these connected attack patterns with quantitative correlation calculation method. The method is easy to implement and practical to deploy which is proved by the result of our experiments. The experiment also shows our approach can effectively find real multi-step attack behavior patterns and can be used to identify true attack threats.
منابع مشابه
Poster: An Automatic Multi-Step Attack Pattern Mining Approach for Massive WAF Alert Data
This paper introduce a three-stage approach that can automatically mining multi-step attack patterns from massive alert data of web application firewalls. The first stage extracts attack sequences, and the second stage clusters similar attack sequences. At the last stage we recognize an attack pattern for each cluster. We conducted our experiments on real-world WAF alert data obtained from a fa...
متن کاملNew Multi-step Worm Attack Model
The traditional worms such as Blaster, Code Red, Slammer and Sasser, are still infecting vulnerable machines on the internet. They will remain as significant threats due to their fast spreading nature on the internet. Various traditional worms attack pattern has been analyzed from various logs at different OSI layers such as victim logs, attacker logs and IDS alert log. These worms attack patte...
متن کاملA multi-scale convolutional neural network for automatic cloud and cloud shadow detection from Gaofen-1 images
The reconstruction of the information contaminated by cloud and cloud shadow is an important step in pre-processing of high-resolution satellite images. The cloud and cloud shadow automatic segmentation could be the first step in the process of reconstructing the information contaminated by cloud and cloud shadow. This stage is a remarkable challenge due to the relatively inefficient performanc...
متن کاملFrequent Pattern-growth Algorithm on Multi-core CPU and GPU Processors
Discovering association rules that identify relationships among sets of items is an important problem in data mining. It’s a two steps process, the first step finds all frequent itemsets and the second one constructs association rules from these frequent sets. Finding frequent itemsets is computationally the most expensive step in association rules discovery algorithms. Utilizing parallel archi...
متن کاملAutomatic Modeling of Frequent User Behaviours in Intelligent environments
Intelligent Environments depend on their capability to understand and anticipate user’s habits and needs. Therefore, learning user’s common behaviours becomes an important step towards allowing an environment to provide such personalized services. Due to the complexity of the entire learning system, this paper will focus on the automatic discovering of models of user’s behaviours. Discovering t...
متن کامل