By Topic

A Data Mining Approach to Generating Network Attack Graph for Intrusion Prediction

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Zhi-tang Li ; Huazhong Univ. of Sci. & Technol., Wuhan ; Jie Lei ; Li Wang ; Dong Li

A network attack graph provides a global view of all possible sequences of exploits which an intruder may use to penetrate a system. Attack graphs can be generated by model checking techniques or intrusion alert correlation. In this paper we proposed a data mining approach to generating attack graphs. Through association rule mining, the algorithm generates multi-step attack patterns from historical intrusion alerts which comprise the attack graphs. The algorithm also calculates the predictability of each attack scenario in the attack graph which represents the probability for the corresponding attack scenario to be the precursor of future attacks. Then the real-time intrusion alerts can be correlated to attack scenarios and ranked by the predictability scores. The ranking result can help identify the appropriate evidence for intrusion prediction from a large volume of raw intrusion alerts. The approach is validated by DARPA 2000 and DARPA 1999 intrusion detection evaluation datasets.

Published in:

Fuzzy Systems and Knowledge Discovery, 2007. FSKD 2007. Fourth International Conference on  (Volume:4 )

Date of Conference:

24-27 Aug. 2007