
A Log-Based Mining System for Network Node Correlation

  • Conference paper
EC2ND 2005

Abstract

In network security, the importance of studying the connectivity between network nodes is increasingly recognized. Based on an analysis of this connectivity, this paper introduces the concept of network node correlation (NNC) and designs a novel log-based NNC mining system that adopts a typical agent-based distributed architecture. Using a Bayesian network, the system can accurately and effectively mine high-level NNCs at the application layer. The mined results can provide useful information for security fields such as network risk assessment, vulnerability and intrusion detection, and virus propagation.



Copyright information

© 2006 Springer-Verlag London Limited

About this paper

Cite this paper

Zhang, Y., Fang, B., Chi, Y., Yun, X. (2006). A Log-Based Mining System for Network Node Correlation. In: Blyth, A. (eds) EC2ND 2005. Springer, London. https://doi.org/10.1007/1-84628-352-3_17


  • DOI: https://doi.org/10.1007/1-84628-352-3_17

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84628-311-6

  • Online ISBN: 978-1-84628-352-9

  • eBook Packages: Computer Science, Computer Science (R0)
