Recognizing attack intention is crucial for security analysis. In recent years, a number of methods for attack intention recognition have been proposed. However, most of these techniques focus mainly on the alerts of an intrusion detection system and use inefficient algorithms that mine frequent attack patterns without reconstructing attack paths. In this paper, a novel and effective method is proposed that integrates several techniques to identify attack intentions. Using this method, a Bayesian-based attack scenario is constructed, in which frequent attack patterns are identified with an efficient data-mining algorithm based on frequent patterns. Subsequently, attack paths are rebuilt by re-correlating the frequent attack patterns mined from the scenario. The experimental results demonstrate the capability of our method in rebuilding attack paths and recognizing attack intentions, as well as in saving system resources. Specifically, to the best of our knowledge, the proposed method is the first to correlate complementary intrusion evidence with frequent pattern mining techniques based on the FP-Growth algorithm in order to rebuild attack paths and recognize attack intentions.