Discovering Multi-stage Attacks Using Closed Multi-dimensional Sequential Pattern Mining
Due to the growing number and variety of intrusions, multi-stage attacks are becoming one of the main network security threats. Intrusion Detection Systems (IDS) are intended to protect information systems against intrusions; nevertheless, they can only discover single-step attacks, not complicated multi-stage attacks. Consequently, IDS are plagued with the problem of excessive alert generation. It is therefore not only important but also challenging for security managers to correlate security alerts in order to predict a multi-stage attack. In this respect, an approach based on sequential pattern mining to discover multi-stage attack activity is efficient at reducing the labor of constructing pattern rules. In this paper, we introduce a novel alert correlation approach based on a new closed multi-dimensional sequential pattern mining algorithm. The main idea behind this approach is to discover temporal patterns of intrusions that reveal attack behaviors, using the alerts generated by IDS. Our experimental results show the robustness and efficiency of our new algorithm against those in the literature.
Keywords: Multi-stage attacks; Intrusion detection system; Multi-dimensional sequential patterns; Alert correlation
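To make the abstract's idea concrete, here is an added example that is not the paper's own algorithm: a minimal PrefixSpan-style miner over per-source IDS alert sequences, followed by a filter that keeps only closed patterns (those with no super-pattern of equal support). The multi-dimensional aspect is shown by a `dimension` projection that lets the same sequences be mined at the full (signature, service) level or at the coarser service level, where a pattern that is infrequent in full detail can still emerge. The session identifiers, alert signatures and service names are constructed sample data, and the function and parameter names are assumptions of this example.

```python
"""Added example (not the paper's algorithm): closed sequential pattern
mining over IDS alert sequences, with an optional dimension projection."""
from collections import defaultdict
from typing import Callable, Dict, Hashable, List, Tuple

# Each alert carries two dimensions: (IDS signature, targeted service).
Alert = Tuple[str, str]

# Constructed sample data: the ordered alerts an IDS raised per source host.
SESSIONS: Dict[str, List[Alert]] = {
    "src-A": [("PORT_SCAN", "any"), ("SSH_BRUTEFORCE", "ssh"),
              ("WEBSHELL_UPLOAD", "http"), ("DNS_TUNNEL", "dns")],
    "src-B": [("PORT_SCAN", "any"), ("SSH_BRUTEFORCE", "ssh"), ("DNS_TUNNEL", "dns")],
    "src-C": [("PORT_SCAN", "any"), ("SQL_INJECTION", "http"), ("DNS_TUNNEL", "dns")],
    "src-D": [("SSH_BRUTEFORCE", "ssh"), ("PORT_SCAN", "any")],
}


def prefixspan(sequences: List[List[Hashable]], min_support: int) -> Dict[tuple, int]:
    """Frequent sequential patterns by prefix projection (PrefixSpan-style).

    Support counts the number of sequences containing the pattern as a
    (not necessarily contiguous) subsequence.
    """
    patterns: Dict[tuple, int] = {}

    def project(seqs: List[List[Hashable]], item: Hashable) -> List[List[Hashable]]:
        # Keep only the suffix that follows the first occurrence of `item`.
        out = []
        for s in seqs:
            for i, a in enumerate(s):
                if a == item:
                    out.append(s[i + 1:])
                    break
        return out

    def grow(prefix: tuple, projected: List[List[Hashable]]) -> None:
        counts: Dict[Hashable, int] = defaultdict(int)
        for s in projected:
            for item in set(s):  # one vote per sequence, however often it recurs
                counts[item] += 1
        for item, sup in counts.items():
            if sup >= min_support:
                new_prefix = prefix + (item,)
                patterns[new_prefix] = sup
                grow(new_prefix, project(projected, item))

    grow((), sequences)
    return patterns


def is_subsequence(small: tuple, big: tuple) -> bool:
    """True if `small` occurs in `big` in order (gaps allowed)."""
    it = iter(big)
    return all(any(x == y for y in it) for x in small)


def closed_only(patterns: Dict[tuple, int]) -> Dict[tuple, int]:
    """Drop every pattern that has a super-pattern with identical support."""
    return {
        p: s for p, s in patterns.items()
        if not any(q != p and sq == s and is_subsequence(p, q)
                   for q, sq in patterns.items())
    }


def mine_closed(sessions: Dict[str, List[Alert]], min_support: int,
                dimension: Callable[[Alert], Hashable] = lambda a: a) -> Dict[tuple, int]:
    """Project each alert onto the chosen dimension(s), then mine closed patterns."""
    seqs = [[dimension(a) for a in alerts] for alerts in sessions.values()]
    return closed_only(prefixspan(seqs, min_support))


if __name__ == "__main__":
    print("full (signature, service) dimensions:")
    for p, s in sorted(mine_closed(SESSIONS, 2).items(), key=lambda kv: -kv[1]):
        print(f"  support={s}: {' -> '.join(f'{sig}@{svc}' for sig, svc in p)}")
    print("service dimension only:")
    for p, s in sorted(mine_closed(SESSIONS, 2, dimension=lambda a: a[1]).items(),
                       key=lambda kv: -kv[1]):
        print(f"  support={s}: {' -> '.join(p)}")
```

With a minimum support of 2 the full-dimension run yields the closed chain PORT_SCAN@any -> SSH_BRUTEFORCE@ssh -> DNS_TUNNEL@dns, a candidate multi-stage pattern an analyst could turn into a correlation rule; the two web-layer signatures never reach support 2 on their own, but at the service level the chain any -> http -> dns does, which is the kind of generalization a multi-dimensional miner can surface from the same alerts.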