Multistage attack detection system for network administrators using data mining

Authors:
Rajeshwar Katipally;Wade Gasior;Xiaohui Cui;Li Yang
Affiliations:
University of TN at Chattanooga, Chattanooga, TN;University of TN at Chattanooga, Chattanooga, TN;Oak Ridge National Laboratory, Oak Ridge, TN;University of TN at Chattanooga, Chattanooga, TN
Venue:
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Year:
2010

Citing 10
Cited 1

Applying data mining to intrusion detection: the quest for automation, efficiency, and credibility

ACM SIGKDD Explorations Newsletter
SnortView: visualization system of snort logs

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Introduction to Data Mining, (First Edition)

Introduction to Data Mining, (First Edition)
Understanding multistage attacks by attack-track based visualization of heterogeneous event streams

Proceedings of the 3rd international workshop on Visualization for computer security
An intelligent, interactive tool for exploration and visualization of time-oriented security data

Proceedings of the 3rd international workshop on Visualization for computer security
Tool update: high alarm count issues in IDS rainstorm

Proceedings of the 3rd international workshop on Visualization for computer security
Visualizations to improve reactivity towards security incidents inside corporate networks

Proceedings of the 3rd international workshop on Visualization for computer security
RAAS: a reliable analyzer and archiver for snort intrusion detection system

Proceedings of the 2007 ACM symposium on Applied computing
Learning program behavior profiles for intrusion detection

ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations

Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology

Survey A model-based survey of alert correlation techniques

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a method to discover, visualize, and predict behavior pattern of attackers in a network based system. We proposed a system that is able to discover temporal pattern of intrusion which reveal behaviors of attackers using alerts generated by Intrusion Detection System (IDS). We use data mining techniques to find the patterns of generated alerts by generating Association rules. Our system is able to stream realtime Snort alerts and predict intrusions based on our learned rules. Therefore, we are able to automatically discover patterns in multistage attack, visualize patterns, and predict intrusions.