{"title":"基于元警报序列挖掘的自动攻击场景构建","authors":"Guo Fan, Yu Min","doi":"10.1109/WMWA.2009.13","DOIUrl":null,"url":null,"abstract":"Researchers have been using intrusion scenarios tore present complicated attack procedures at a high abstract level, while, to our best knowledge, none is able to produce the scenarios online. An automatic intrusion scenario construction method is proposed in the paper. According to the source and destination IP pair, and priority of the raw alerts, the method firstly clusters them into different meta-alert sequences, from which frequent closed sequences are mined to construct scenarios, after that, correlation rules between scenarios are mined based on their support.Experiments on Darpa99 and Darpa2000 shows the method can be used to effectively discover attack procedures and run online.","PeriodicalId":375180,"journal":{"name":"2009 Second Pacific-Asia Conference on Web Mining and Web-based Application","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Automatic Attack Scenario Construction by Mining Meta-alert Sequences\",\"authors\":\"Guo Fan, Yu Min\",\"doi\":\"10.1109/WMWA.2009.13\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Researchers have been using intrusion scenarios tore present complicated attack procedures at a high abstract level, while, to our best knowledge, none is able to produce the scenarios online. An automatic intrusion scenario construction method is proposed in the paper. 
According to the source and destination IP pair, and priority of the raw alerts, the method firstly clusters them into different meta-alert sequences, from which frequent closed sequences are mined to construct scenarios, after that, correlation rules between scenarios are mined based on their support.Experiments on Darpa99 and Darpa2000 shows the method can be used to effectively discover attack procedures and run online.\",\"PeriodicalId\":375180,\"journal\":{\"name\":\"2009 Second Pacific-Asia Conference on Web Mining and Web-based Application\",\"volume\":\"54 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Second Pacific-Asia Conference on Web Mining and Web-based Application\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WMWA.2009.13\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Second Pacific-Asia Conference on Web Mining and Web-based Application","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WMWA.2009.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Automatic Attack Scenario Construction by Mining Meta-alert Sequences
Researchers have been using intrusion scenarios to represent complicated attack procedures at a high level of abstraction, but, to the best of our knowledge, none of the existing methods is able to produce the scenarios online. This paper proposes an automatic intrusion scenario construction method. Based on the source and destination IP pair and the priority of the raw alerts, the method first clusters the alerts into different meta-alert sequences; frequent closed sequences are then mined from these sequences to construct scenarios; finally, correlation rules between scenarios are mined based on their support. Experiments on DARPA99 and DARPA2000 show that the method can effectively discover attack procedures and run online.