
Attack Pattern Mining Algorithm Based on Fuzzy Clustering and Sequence Pattern from Security Log

  • Conference paper
  • In: Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2018)
  • Part of the book series: Smart Innovation, Systems and Technologies (SIST, volume 110)

Abstract

This paper proposes an attack pattern mining algorithm based on improved fuzzy clustering and sequential pattern mining. The method combines the strength of fuzzy clustering in describing the similarity between security log entries with the strength of sequential pattern mining in describing the logical ordering of attack steps. Experimental results show that the algorithm mines attack patterns effectively, improves accuracy, and generates more useful attack patterns.
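The two-stage idea in the abstract, cluster log entries by feature similarity and then mine ordered step sequences over the cluster labels, can be illustrated with a small pipeline. The following is an added example written for this page; it is not the paper's algorithm or code, and it assumes several things the abstract does not specify: a plain fuzzy c-means (FCM) rather than the authors' improved variant, constructed log records with three hypothetical normalised features (destination-port bucket, byte-volume bucket, alert severity), per-source-IP ordering as the "session", and brute-force counting of non-contiguous subsequences as the sequence miner.

```python
"""Added illustration (not the paper's code): fuzzy c-means over constructed
security-log records, then frequent-subsequence mining over each source's
time-ordered cluster-label sequence, giving candidate multi-step attack patterns."""
import itertools
import math
from collections import defaultdict

# Constructed records: (source_ip, timestamp, feature vector). Features are
# assumed pre-normalised to [0, 1]: (dst_port_bucket, bytes_bucket, severity).
RECORDS = [
    ("10.0.0.1", 1, (0.10, 0.05, 0.20)),  # scan-like
    ("10.0.0.1", 2, (0.12, 0.04, 0.22)),
    ("10.0.0.1", 3, (0.50, 0.50, 0.90)),  # exploit-like
    ("10.0.0.1", 4, (0.90, 0.95, 0.60)),  # flood-like
    ("10.0.0.2", 1, (0.08, 0.06, 0.18)),
    ("10.0.0.2", 2, (0.52, 0.48, 0.88)),
    ("10.0.0.2", 3, (0.92, 0.93, 0.62)),
    ("10.0.0.3", 1, (0.11, 0.05, 0.21)),  # a source that only scans
    ("10.0.0.3", 2, (0.09, 0.07, 0.19)),
    ("10.0.0.3", 3, (0.10, 0.04, 0.23)),
    ("10.0.0.4", 1, (0.13, 0.06, 0.17)),
    ("10.0.0.4", 2, (0.48, 0.52, 0.91)),
    ("10.0.0.4", 3, (0.88, 0.96, 0.58)),
    ("10.0.0.5", 1, (0.51, 0.49, 0.89)),  # a lone exploit-like event
]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def init_centers(points, k):
    """Deterministic farthest-point seeding so runs are reproducible."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(dist(p, c) for c in centers)))
    return centers

def memberships(points, centers, m):
    """FCM membership u[i][j] = 1 / sum_k (d_ij / d_ik)^(2/(m-1))."""
    u = []
    for p in points:
        d = [dist(p, c) for c in centers]
        if 0.0 in d:  # point coincides with a centre: crisp membership
            u.append([1.0 if x == 0.0 else 0.0 for x in d])
            continue
        u.append([1.0 / sum((d[j] / d[k]) ** (2 / (m - 1)) for k in range(len(centers)))
                  for j in range(len(centers))])
    return u

def fcm(points, k, m=2.0, iters=100, tol=1e-6):
    """Alternate membership and centre updates until the centres stop moving."""
    centers = init_centers(points, k)
    for _ in range(iters):
        u = memberships(points, centers, m)
        new = []
        for j in range(k):
            w = [u[i][j] ** m for i in range(len(points))]
            new.append(tuple(sum(w[i] * p[dim] for i, p in enumerate(points)) / sum(w)
                             for dim in range(len(points[0]))))
        shift = max(dist(a, b) for a, b in zip(centers, new))
        centers = new
        if shift < tol:
            break
    return centers, memberships(points, centers, m)

def cluster_of(point, centers, m=2.0):
    """Hard label = cluster with the highest fuzzy membership."""
    u = memberships([point], centers, m)[0]
    return max(range(len(centers)), key=lambda j: u[j])

def label_sequences(records, centers):
    """Per-source, time-ordered sequence of cluster labels."""
    seqs = defaultdict(list)
    for src, ts, feat in sorted(records, key=lambda r: (r[0], r[1])):
        seqs[src].append(cluster_of(feat, centers))
    return {src: tuple(lbls) for src, lbls in seqs.items()}

def frequent_subsequences(seqs, min_support, max_len=4):
    """Count each distinct (non-contiguous) subsequence of length 2..max_len once
    per sequence; keep those present in at least min_support sequences."""
    support = defaultdict(int)
    for seq in seqs:
        seen = set()
        for n in range(2, min(max_len, len(seq)) + 1):
            for idx in itertools.combinations(range(len(seq)), n):
                seen.add(tuple(seq[i] for i in idx))
        for pat in seen:
            support[pat] += 1
    return {p: s for p, s in support.items() if s >= min_support}

def mine_attack_patterns(records, k=3, min_support=3):
    centers, _ = fcm([r[2] for r in records], k)
    return centers, frequent_subsequences(label_sequences(records, centers).values(), min_support)

if __name__ == "__main__":
    centers, patterns = mine_attack_patterns(RECORDS)
    for pat, sup in sorted(patterns.items(), key=lambda kv: (-len(kv[0]), -kv[1])):
        print(pat, "support", sup)
```

On the constructed data the three-step sequence scan, exploit, flood is supported by three of the five sources, while the repeated scan of the scan-only source falls below the support threshold and is not reported. Cluster indices are arbitrary, so a real deployment would name clusters from their centres (or from a labelled seed set) before presenting patterns to analysts; the brute-force counter is also exponential in sequence length and would be replaced by a proper sequential miner (e.g. PrefixSpan) on real volumes.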

Acknowledgements

This work was supported by The National Key Research and Development Program of China under Grant 2016YFB0800903, the NSF of China (U1636112, U1636212).

Corresponding author

Correspondence to Jianyi Liu .

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Liu, J., Li, K., Li, Y., Zhang, R., Duan, X. (2019). Attack Pattern Mining Algorithm Based on Fuzzy Clustering and Sequence Pattern from Security Log. In: Pan, JS., Ito, A., Tsai, PW., Jain, L. (eds) Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing. IIH-MSP 2018. Smart Innovation, Systems and Technologies, vol 110. Springer, Cham. https://doi.org/10.1007/978-3-030-03748-2_6