A Multi-step Attack Recognition and Prediction Method Via Mining Attacks Conversion Frequencies

Full Text (PDF, 977 KB), pp. 20-25


Author(s)

MAN Da-peng 1,*, LI Xue-zhen 1, YANG Wu 1, XUAN Shi-chang 1

1. Harbin Engineering University, Harbin, China, 150001

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2012.02.04

Received: 16 Dec. 2011 / Revised: 1 Feb. 2012 / Accepted: 8 Mar. 2012 / Published: 15 Apr. 2012

Index Terms

Network security, multi-step attack, alert correlation, attack conversion frequencies

Abstract

The massive volume of security alerts produced by security devices makes it necessary to recognize and predict multi-step attacks. In this paper, a novel method for recognizing and predicting multi-step attacks is proposed. It calculates attack conversion frequencies and then mines the multi-step attack sequences. On this basis, it matches new alert sequences dynamically, recognizes multi-step attacks and predicts the next attack step. Experimental results show that the proposed method is effective and accurate.
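The pipeline the abstract sketches (conversion frequencies, mined attack chains, dynamic matching and next-step prediction), as an added illustration that is not the paper's code. The page gives no formulas, so the Markov-style frequency definition, the threshold-based chain mining, the prefix matching and the constructed alert type names are all assumptions.

```python
from collections import Counter, defaultdict

# Constructed training data: past multi-step attacks as sequences of alert types.
# The alert type names are placeholders, not taken from the paper.
TRAINING_SEQUENCES = [
    ["PortScan", "ServiceProbe", "BufferOverflow", "RootShell"],
    ["PortScan", "ServiceProbe", "BufferOverflow", "RootShell"],
    ["PortScan", "ServiceProbe", "BruteForce", "RootShell"],
    ["PortScan", "WebScan", "SQLi", "DataExfil"],
    ["PortScan", "WebScan", "SQLi", "DataExfil"],
    ["ServiceProbe", "BufferOverflow", "RootShell"],
]

def conversion_frequencies(sequences):
    """Return {a: {b: P(b follows a)}}: how often alert type a converts into b."""
    counts = defaultdict(Counter)
    for seq in sequences:
        for a, b in zip(seq, seq[1:]):
            counts[a][b] += 1
    return {a: {b: n / sum(c.values()) for b, n in c.items()} for a, c in counts.items()}

def mine_attack_sequences(freqs, start, min_freq):
    """Enumerate maximal chains from `start` whose every conversion has frequency >= min_freq."""
    chains = []
    def walk(chain):
        extended = False
        for nxt, p in freqs.get(chain[-1], {}).items():
            if p >= min_freq and nxt not in chain:  # threshold filter; skip cycles
                extended = True
                walk(chain + [nxt])
        if not extended and len(chain) > 1:
            chains.append(chain)
    walk([start])
    return chains

def match_and_predict(alerts, chains, freqs):
    """Match the observed alert prefix against mined chains.

    Returns (matched_chain, predicted_next). When no mined chain matches, fall back
    to the single most frequent conversion from the last observed alert.
    """
    for chain in chains:
        if alerts == chain[:len(alerts)] and len(chain) > len(alerts):
            return chain, chain[len(alerts)]
    nxt = freqs.get(alerts[-1])
    return None, (max(nxt, key=nxt.get) if nxt else None)
```

A real deployment would re-estimate the frequencies as new alerts arrive and would need a time window to decide which alerts belong to the same sequence, neither of which the abstract specifies.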

Cite This Paper

MAN Da-peng, LI Xue-zhen, YANG Wu, WANG Wei, XUAN Shi-chang, "A Multi-step Attack Recognition and Prediction Method Via Mining Attacks Conversion Frequencies", IJWMT, vol. 2, no. 2, pp. 20-25, 2012. DOI: 10.5815/ijwmt.2012.02.04
