Applying data mining to intrusion detection: the quest for automation, efficiency, and credibility
ACM SIGKDD Explorations Newsletter
SnortView: visualization system of snort logs
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Introduction to Data Mining, (First Edition)
Introduction to Data Mining, (First Edition)
Understanding multistage attacks by attack-track based visualization of heterogeneous event streams
Proceedings of the 3rd international workshop on Visualization for computer security
An intelligent, interactive tool for exploration and visualization of time-oriented security data
Proceedings of the 3rd international workshop on Visualization for computer security
Tool update: high alarm count issues in IDS rainstorm
Proceedings of the 3rd international workshop on Visualization for computer security
Visualizations to improve reactivity towards security incidents inside corporate networks
Proceedings of the 3rd international workshop on Visualization for computer security
RAAS: a reliable analyzer and archiver for snort intrusion detection system
Proceedings of the 2007 ACM symposium on Applied computing
Learning program behavior profiles for intrusion detection
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology
Survey A model-based survey of alert correlation techniques
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
In this paper, we present a method to discover, visualize, and predict behavior pattern of attackers in a network based system. We proposed a system that is able to discover temporal pattern of intrusion which reveal behaviors of attackers using alerts generated by Intrusion Detection System (IDS). We use data mining techniques to find the patterns of generated alerts by generating Association rules. Our system is able to stream realtime Snort alerts and predict intrusions based on our learned rules. Therefore, we are able to automatically discover patterns in multistage attack, visualize patterns, and predict intrusions.