SBAD: sequence based attack detection via sequence comparison
作者: Ching-Hao Mao , Hsing-Kuo Pao , Christos Faloutsos , Hahn-Ming Lee
DOI: 10.1007/978-3-642-19896-0_7
关键词: Data mining 、 Payload (computing) 、 Sequence 、 Benchmark (computing) 、 Network monitoring 、 Anomaly detection 、 Computer science 、 Kolmogorov complexity 、 Graph (abstract data type) 、 Intrusion detection system
摘要: Given a stream of time-stamped events, like alerts in network monitoring setting, how can we isolate sequence that form attack? We propose Sequence Based Attack Detection (SBAD) method, which makes the following contributions: (a) it automatically identifies groups are frequent; (b) summarizes them into suspicious activity, representing with graph structures; and (c) suggests novel graph-based dissimilarity measure. As whole, SBAD is able to group alerts, visualize them, spot anomalies at level. The evaluations from three datasets--two benchmark datasets (DARPA 1999, PKDD 2007) private dataset Acer 2007 gathered Security Operation Center Taiwan--support our approach. method performs well even without help IP payload information. No need for privacy information as input easy plug existing system such an intrusion detector. To talk about efficiency, proposed deal large-scale problems, processing 300K within 20 mins on regular PC.
springer.com
sci-hub.st 参考文章(19)
Heikki Mannila, A. Inkeri Verkamo, Hannu Toivonen, Discovering Frequent Episodes in Sequences. knowledge discovery and data mining. pp. 210- 215 ,(1995)
William Gasarch, None, Book Review: An introduction to Kolmogorov Complexity and its Applications Second Edition, 1997 by Ming Li and Paul Vitanyi (Springer (Graduate Text Series)) Sigact News. ,vol. 28, pp. 37- 40 ,(1997) , 10.1145/262301.1040343
Anil K. Jain, Nan Zhang, Martin H. C. Law, Nonlinear Manifold Learning for Data Stream. siam international conference on data mining. pp. 33- 44 ,(2004)
John Case, Hsing-Kuo Pao, Computing Entropy for Ortholog Detection. international conference on computational intelligence. pp. 89- 92 ,(2004)
Jeffrey Xu Yu, James Cheng, Yiping Ke, Top-k Correlative Graph Mining. siam international conference on data mining. pp. 1038- 1049 ,(2009)
Paul Vitányi, Ming Li, An Introduction to Kolmogorov Complexity and Its Applications ,(1993)
Joshua B Tenenbaum, Vin de Silva, John C Langford, A Global Geometric Framework for Nonlinear Dimensionality Reduction Science. ,vol. 290, pp. 2319- 2323 ,(2000) , 10.1126/SCIENCE.290.5500.2319
Yuh-Jye Lee, O.L. Mangasarian, SSVM: A Smooth Support Vector Machine for Classification Computational Optimization and Applications. ,vol. 20, pp. 5- 22 ,(2001) , 10.1023/A:1011215321374
Jingmin Zhou, Mark Heckman, Brennen Reynolds, Adam Carlson, Matt Bishop, Modeling network intrusion detection alerts for correlation ACM Transactions on Information and System Security. ,vol. 10, pp. 4- ,(2007) , 10.1145/1210263.1210267
R. Agrawal, T. Imielinski, A. Swami, Database mining: a performance perspective IEEE Transactions on Knowledge and Data Engineering. ,vol. 5, pp. 914- 925 ,(1993) , 10.1109/69.250074