Y. Lv, Yuanlong Li, Shuang Xiang, C. Xia, Jingxin Geng
2015 IEEE Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), published 2015-12-01. DOI: https://doi.org/10.1109/IAEAC.2015.7428739
An alert correlation algorithm based on the sequence pattern mining
Sequence correlation methods are limited in identifying unknown attacks and require the causal relationships between attack behaviors to be predefined. To solve this problem, this paper proposes an alert correlation algorithm, denoted TPrefixSpan, based on sequence pattern mining. Building on the PrefixSpan algorithm, TPrefixSpan introduces a time interval that can thoroughly narrow the search space, so the time spent on repeated dataset scans during sequence pattern mining is greatly reduced and the efficiency of the PrefixSpan algorithm is ensured. Compared with PrefixSpan, TPrefixSpan identifies attacks much more precisely. To better visualize the correlation rules, a sequence diagram generation algorithm for attack behavior is also put forward.