
Discovering Multi-stage Attacks Using Closed Multi-dimensional Sequential Pattern Mining

  • Conference paper
Database and Expert Systems Applications (DEXA 2013)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8056)

Abstract

Due to the growing number and variety of intrusions, multi-stage attacks are becoming one of the main network security threats. Intrusion Detection Systems (IDS) are intended to protect information systems against intrusions; nevertheless, they can only discover single-step attacks, not complicated multi-stage attacks. Consequently, IDS are plagued by the problem of excessive alert generation. It is therefore not only important but also challenging for security managers to correlate security alerts in order to predict a multi-stage attack. In this respect, an approach based on sequential pattern mining to discover multi-stage attack activity is an efficient way to reduce the labor of constructing pattern rules. In this paper, we introduce a novel alert correlation approach based on a new closed multi-dimensional sequential pattern mining algorithm. The main idea behind this approach is to discover temporal patterns of intrusions, which reveal the behavior of attacks, using alerts generated by IDS. Our experimental results show the robustness and efficiency of our new algorithm against those in the literature.
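The following is an added illustration of the general idea in the abstract, not the paper's algorithm or code: it groups constructed IDS alerts into per (source, target) sequences, mines frequent sequential patterns with a PrefixSpan-style pattern growth, and keeps only the closed ones. It is narrowed to a single dimension (alert type); the alert names, addresses, function names and the support threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample IDS alerts: (timestamp, source, target, alert type).
ALERTS = [
    (1, "10.0.0.5", "srv-a", "PortScan"),
    (2, "10.0.0.5", "srv-a", "SSHBruteForce"),
    (3, "10.0.0.5", "srv-a", "PrivEsc"),
    (1, "10.0.0.9", "srv-b", "PortScan"),
    (4, "10.0.0.9", "srv-b", "SSHBruteForce"),
    (6, "10.0.0.9", "srv-b", "PrivEsc"),
    (2, "10.0.0.7", "srv-c", "PortScan"),
    (3, "10.0.0.7", "srv-c", "WebProbe"),
    (5, "10.0.0.7", "srv-c", "SSHBruteForce"),
    (1, "10.0.0.3", "srv-d", "WebProbe"),
]

def build_sequences(alerts):
    """Group alerts per (source, target) pair, ordered by timestamp."""
    groups = defaultdict(list)
    for ts, src, dst, kind in sorted(alerts):
        groups[(src, dst)].append(kind)
    return list(groups.values())

def frequent_patterns(seqs, min_support):
    """PrefixSpan-style growth over projected suffixes; {pattern: support}."""
    found = {}
    def grow(prefix, projected):
        counts = defaultdict(int)
        for suffix in projected:
            for item in set(suffix):      # count each sequence once per item
                counts[item] += 1
        for item, sup in counts.items():
            if sup >= min_support:
                found[prefix + (item,)] = sup
                grow(prefix + (item,),
                     [s[s.index(item) + 1:] for s in projected if item in s])
    grow((), seqs)
    return found

def is_subsequence(small, big):
    it = iter(big)
    return all(x in it for x in small)    # order-preserving containment

def closed_patterns(patterns):
    """Drop any pattern that has a longer super-sequence with equal support."""
    return {p: s for p, s in patterns.items()
            if not any(s == s2 and len(q) > len(p) and is_subsequence(p, q)
                       for q, s2 in patterns.items())}

def mine(alerts, min_support=2):
    return closed_patterns(frequent_patterns(build_sequences(alerts), min_support))
```

On the constructed data, eight frequent patterns collapse to three closed ones, which is the alert-volume reduction that makes closed patterns attractive for correlation rules.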




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brahmi, H., Ben Yahia, S. (2013). Discovering Multi-stage Attacks Using Closed Multi-dimensional Sequential Pattern Mining. In: Decker, H., Lhotská, L., Link, S., Basl, J., Tjoa, A.M. (eds) Database and Expert Systems Applications. DEXA 2013. Lecture Notes in Computer Science, vol 8056. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40173-2_38

  • DOI: https://doi.org/10.1007/978-3-642-40173-2_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40172-5

  • Online ISBN: 978-3-642-40173-2

  • eBook Packages: Computer Science, Computer Science (R0)
