Research on discovering multi-step attack patterns based on clustering IDS alert sequences

MEI Hai-bin1; GONG Jian1; ZHANG Ming-hua2

您当前的位置：

首页 >

文章列表页 >

Research on discovering multi-step attack patterns based on clustering IDS alert sequences

更新时间：2024-10-14

- Research on discovering multi-step attack patterns based on clustering IDS alert sequences
- Vol. 32, Issue 5, Pages: 63-69(2011)
- 作者机构：
  
  1. 东南大学计算机科学与工程学院江苏省计算机网络技术重点实验室
  2. 上海海洋大学信息学院
- 作者简介：
- 基金信息：
- DOI：
  CLC： TP393.08
- Published：2011
- 稿件说明：
移动端阅览
MEI Hai-bin1, GONG Jian1, ZHANG Ming-hua2. Research on discovering multi-step attack patterns based on clustering IDS alert sequences[J]. 2011, 32(5): 63-69.
DOI：

MEI Hai-bin1, GONG Jian1, ZHANG Ming-hua2. Research on discovering multi-step attack patterns based on clustering IDS alert sequences[J]. 2011, 32(5): 63-69. DOI：

摘要

研究了从警报数据中发现多步攻击模式的方法。通过定义警报间的相似度函数来构建攻击活动序列集。采用序列比对技术

将具有相似攻击行为的序列进行聚类。基于动态规划的思想

通过抽取最长公共子序列的算法自动发现类中的多步攻击模式。该方法不需要依赖大量先验知识

设置参数少

易于实现。实验结果验证了该方法的有效性。

Abstract

A method of discovering multi-step attack patterns from alert data was studied.Alert similarity function was defined to construct the set of attack activity sequences.Sequence alignment technology was used to cluster the similar attack activity sequences.Multi-step attack patterns in a cluster were automatically discovered by the longest common subsequence extraction algorithm based on the idea of dynamic programming.The proposed method didn’t depend on large amounts of prior knowledge.Few configuration parameters were needed and it was easy to implement.Experimental results demonstrate the effectiveness of proposed method.

关键词

Keywords

references

Views

984

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

New data fusion model of intrusion detection——IDSFP

Intrusion detection method based on data augmentation and multi-explanation method fusion

Intrusion detection method for IoT in heterogeneous environment

Adaptive clustering federated learning via similarity acceleration

Network intrusion detection method based on VAE-CWGAN and fusion of statistical importance of feature

Related Author

TIAN Jun-feng

ZHAO Wei-dong

DU Rui-zhong

CAI Hong-yun

Xiong Xuanrui

GUO Xingyou

NING Zhaolong

ZHANG Yushu

Related Institution

河北大学数学与计算机学院

College of Computer and Mathematics,Hebei University

College of Electronic Science and Technology, National University of Defense Technology

School of Communications and Information Engineering, Chongqing University of Posts and Telecommunications

Engineering Research Center of Intelligent Perception and Autonomous Control,Ministry of Education

AI问答

⁰