Recognition of attack strategy based on FP-growth algorithm and compensatory intrusion evidence

Hao Bai; Kun Sheng Wang; Chang Zhen Hu; Gang Zhang; Xiao Chuan Jing

Recognition of attack strategy based on FP-growth algorithm and compensatory intrusion evidence

Hao Bai^*, Kun Sheng Wang, Chang Zhen Hu, Gang Zhang, Xiao Chuan Jing

^*Corresponding author for this work

School of Cyberspace Science and Technology

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Limitations existed with current methods for attack intention recognition. For instance, they lacked compensatory intrusion evidences, cost enormous system resources and had low precision. To avoid the above flaws, a novel and effective method is proposed. The method generated compensatory intrusion evidences by fusing data from IDS and other security kits like scanner. Then, Bayesian-based attack scenarios were constructed where frequent attack patterns were identified using an efficient data-mining algorithm based on frequent patterns. Finally, attack paths were rebuilt by re-correlating frequent attack patterns mined in the scenarios to judge possible attack strategies precisely. The experimental results demonstrate the capability of the proposed method in rebuilding attack paths, recognizing attack intentions as well as in saving system resources.

Original language	English
Pages (from-to)	930-934
Number of pages	5
Journal	Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology
Volume	30
Issue number	8
Publication status	Published - Aug 2010

Keywords

Attack path
Attack strategy
Compensatory intrusion evidence
FP-Growth
Frequent attack pattern

Cite this

@article{4692da5ede10443d9ebf6640e4a0bc71,

title = "Recognition of attack strategy based on FP-growth algorithm and compensatory intrusion evidence",

abstract = "Limitations existed with current methods for attack intention recognition. For instance, they lacked compensatory intrusion evidences, cost enormous system resources and had low precision. To avoid the above flaws, a novel and effective method is proposed. The method generated compensatory intrusion evidences by fusing data from IDS and other security kits like scanner. Then, Bayesian-based attack scenarios were constructed where frequent attack patterns were identified using an efficient data-mining algorithm based on frequent patterns. Finally, attack paths were rebuilt by re-correlating frequent attack patterns mined in the scenarios to judge possible attack strategies precisely. The experimental results demonstrate the capability of the proposed method in rebuilding attack paths, recognizing attack intentions as well as in saving system resources.",

keywords = "Attack path, Attack strategy, Compensatory intrusion evidence, FP-Growth, Frequent attack pattern",

author = "Hao Bai and Wang, {Kun Sheng} and Hu, {Chang Zhen} and Gang Zhang and Jing, {Xiao Chuan}",

year = "2010",

month = aug,

language = "English",

volume = "30",

pages = "930--934",

journal = "Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology",

issn = "1001-0645",

publisher = "Beijing Institute of Technology",

number = "8",

}

TY - JOUR

T1 - Recognition of attack strategy based on FP-growth algorithm and compensatory intrusion evidence

AU - Bai, Hao

AU - Wang, Kun Sheng

AU - Hu, Chang Zhen

AU - Zhang, Gang

AU - Jing, Xiao Chuan

PY - 2010/8

Y1 - 2010/8

N2 - Limitations existed with current methods for attack intention recognition. For instance, they lacked compensatory intrusion evidences, cost enormous system resources and had low precision. To avoid the above flaws, a novel and effective method is proposed. The method generated compensatory intrusion evidences by fusing data from IDS and other security kits like scanner. Then, Bayesian-based attack scenarios were constructed where frequent attack patterns were identified using an efficient data-mining algorithm based on frequent patterns. Finally, attack paths were rebuilt by re-correlating frequent attack patterns mined in the scenarios to judge possible attack strategies precisely. The experimental results demonstrate the capability of the proposed method in rebuilding attack paths, recognizing attack intentions as well as in saving system resources.

AB - Limitations existed with current methods for attack intention recognition. For instance, they lacked compensatory intrusion evidences, cost enormous system resources and had low precision. To avoid the above flaws, a novel and effective method is proposed. The method generated compensatory intrusion evidences by fusing data from IDS and other security kits like scanner. Then, Bayesian-based attack scenarios were constructed where frequent attack patterns were identified using an efficient data-mining algorithm based on frequent patterns. Finally, attack paths were rebuilt by re-correlating frequent attack patterns mined in the scenarios to judge possible attack strategies precisely. The experimental results demonstrate the capability of the proposed method in rebuilding attack paths, recognizing attack intentions as well as in saving system resources.

KW - Attack path

KW - Attack strategy

KW - Compensatory intrusion evidence

KW - FP-Growth

KW - Frequent attack pattern

UR - http://www.scopus.com/inward/record.url?scp=77958112448&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:77958112448

SN - 1001-0645

VL - 30

SP - 930

EP - 934

JO - Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology

JF - Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology

IS - 8

ER -

Recognition of attack strategy based on FP-growth algorithm and compensatory intrusion evidence

Abstract

Keywords

Other files and links

Fingerprint

Cite this