Published in: Networking Architecture and Storage, 2007 International Conference on; Guilin, China

Discovering Novel Multistage Attack Patterns in Alert Streams


Abstract

With the growing deployment of network security devices, the large volume of alerts gathered from these devices often overwhelms the administrator and makes it almost impossible to discover complicated multistage attacks in time. It is necessary to develop a real-time system that detects ongoing attacks and predicts the upcoming next step of a multistage attack in alert streams, using known attack patterns. A key requirement is therefore that the pattern definitions be correct, complete and up to date. In this paper, a classical data mining algorithm is used to help us discover attack patterns and to construct and maintain rules. This overcomes the drawbacks of previous approaches based on manual analysis: heavy dependence on expert knowledge, and a time-consuming, error-prone process. Unfortunately, in a dynamic network environment where novel attack strategies appear continuously, this method shows a limited capability to detect novel attack patterns. We address the problem by presenting a novel approach that uses an incremental mining algorithm to discover attack patterns that have appeared recently. A series of experiments shows the validity of the methods in this paper.
