An Alert Correlation Algorithm Based on the Sequence Pattern Mining
Sequence correlation methods are limited in identifying unknown attacks and require pre-defining the causal relationships between attack behaviors. To solve this problem, an alert correlation algorithm based on sequence pattern mining, denoted TPrefixSpan, is proposed in this paper. Based on the PrefixSpan algorithm, TPrefixSpan introduces a time interval that thoroughly narrows the search space, so the time cost of repeated dataset scans in sequence pattern mining is greatly reduced and the efficiency of the PrefixSpan algorithm is ensured. Compared with the PrefixSpan algorithm, TPrefixSpan identifies attacks much more precisely. To better visualize the correlation rules, a sequence diagram generation algorithm for attack behavior is put forward.
alert correlation; sequence pattern; correlation rule mining; sequence diagram
Yanli Lv, Yuanlong Li, Shuang Xiang, Chunhe Xia, Jingxin Geng
Beijing Key Laboratory of Network Technology, Beihang University Information center of Ministry of S Beijing Key Laboratory of Network Technology, Beihang University Beijing, P.R.China YingTu Wealth(Beijing)Investment Advisory Co., Ltd. Changchun, P.R.China
International conference
Chongqing
English
1146-1151
2015-12-19 (date first made available online on the Wanfang platform; does not represent the paper's publication date)