Poster: An Automatic Multi-Step Attack Pattern Mining Approach for Massive WAF Alert Data
Authors
Abstract
This paper introduces a three-stage approach that can automatically mine multi-step attack patterns from massive alert data of web application firewalls (WAFs). The first stage extracts attack sequences, and the second stage clusters similar attack sequences. In the last stage we recognize an attack pattern for each cluster. We conducted our experiments on real-world WAF alert data obtained from a well-known Chinese ISP. Experimental results show that different attackers using the same attack pattern may share the same “attack background”.
Similar References
Automatic multi-step attack pattern discovering
Current techniques employed in security alert correlation area for multi-step attack recognition purpose are intricate to be performed due to the complexity of the methods and huge computing workload generated during alert analysis and processing. In this paper, we proposed a new method of alert correlation aiming at providing concentrated security event information and thus finding multi-step ...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Improved Automatic Clustering Using a Multi-Objective Evolutionary Algorithm With New Validity Measure and Application to Credit Scoring
In data mining, clustering is one of the important issues for separation and classification with groups like unsupervised data. In this paper, an attempt has been made to improve and optimize the application of clustering heuristic methods such as Genetic, PSO algorithm, Artificial bee colony algorithm, Harmony Search algorithm and Differential Evolution on the unlabeled data of an Iranian bank...
Application of Case-Based Reasoning to Multi-Sensor Network Intrusion Detection
An intrusion detection system (IDS) is generally limited by having a single detection model and a single information source for detecting attacks. Multi-sensor (or meta) intrusion detection addresses this problem by combining results of multiple IDSs and providing global decisions. Nearly all current meta-IDSs are either statistics-based or logical rule-based and typically require substantial h...
Proposing an approach to calculate headway intervals to improve bus fleet scheduling using a data mining algorithm
The growth of AVL (Automatic Vehicle Location) systems leads to a huge amount of data about different parts of the bus fleet (buses, stations, passengers, etc.), which is very useful for improving bus fleet efficiency. In addition, by processing fleet and passengers’ historical data it is possible to detect passengers’ behavioral patterns in different parts of the day and to use them in order to improve fle...