Online Mining of Attack Models in IDS Alerts from Network Backbone by a Two-Stage Clustering Method
Little work has been done to mine attack models online from IDS alerts collected on the network backbone. The contributions of this paper are three-fold. First, we put forward a software-pipeline framework for online attack model mining that is suited to alert clustering mining methods. Second, we propose an online alert reduction method and improve the two-stage clustering method. Third, we propose an approach to adjust the parameters used in the framework on the fly. The experiments show that the data feature (sequence length) is stable enough to apply the parameter self-adjustment algorithm, and that parameter self-adjustment works well under the online mining framework. Online mining of attack models is efficient compared to the offline mining method, and the generated attack models have convincing logical relations.
Attack model mining; online alert reduction; two-stage clustering; sequence analysis; behavior analysis; parameter adjustment
Lin-Bo Qiao, Bo-Feng Zhang, Rui-Yuan Zhao, Jin-Shu Su
College of Computer, National University of Defense Technology, Changsha 410073, China
International conference
The 5th International Symposium on Cyberspace Safety and Security (CSS2013)
Zhangjiajie
English
104-116
2013-11-13 (date first posted on the Wanfang platform, not the paper's publication date)