Multistage attack detection system for network administrators using data mining

In this paper, we present a method to discover, visualize, and predict the behavior patterns of attackers in a network-based system. We propose a system that discovers temporal patterns of intrusion, which reveal attacker behavior, from the alerts generated by an Intrusion Detection System (IDS). We use data mining techniques to find patterns in the generated alerts by mining association rules. Our system can stream real-time Snort alerts and predict intrusions based on the learned rules. We are therefore able to automatically discover patterns in multistage attacks, visualize those patterns, and predict intrusions.
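The following is an added illustration, not the paper's own code, of the approach the abstract describes: alert "transactions" (the set of Snort signatures raised by one source within a time window) are mined for association rules, and the rules are then used to rank the likely next alert for a source whose earlier alerts have already been observed. The signature names and transactions are constructed for the example.

```python
# Added example (not the paper's code): Apriori-style association-rule mining
# over IDS alert "transactions", then prediction of the likely next alert.
from collections import defaultdict
from itertools import combinations

# Constructed sample: each transaction is the set of Snort signature names raised
# by one source address within one time window (signature names are hypothetical).
TRANSACTIONS = [
    {"ICMP PING NMAP", "SCAN nmap TCP", "WEB-ATTACKS cmd.exe"},
    {"ICMP PING NMAP", "SCAN nmap TCP", "WEB-ATTACKS cmd.exe"},
    {"ICMP PING NMAP", "SCAN nmap TCP"},
    {"SCAN nmap TCP", "WEB-ATTACKS cmd.exe"},
    {"ICMP PING NMAP"},
]


def frequent_itemsets(transactions, min_count=2, max_size=3):
    """Count itemsets of size 1..max_size; keep those seen in >= min_count windows."""
    counts = defaultdict(int)
    for t in transactions:
        for k in range(1, max_size + 1):
            for combo in combinations(sorted(t), k):
                counts[frozenset(combo)] += 1
    return {s: c for s, c in counts.items() if c >= min_count}


def association_rules(freq, min_confidence=0.6):
    """Rules X -> y with one consequent; confidence = count(X + y) / count(X)."""
    rules = {}
    for itemset, count in freq.items():
        if len(itemset) < 2:
            continue
        for y in itemset:
            x = itemset - {y}
            conf = count / freq[x]  # X is frequent whenever X + y is (anti-monotone)
            if conf >= min_confidence:
                rules[(x, y)] = conf
    return rules


def predict_next(rules, observed):
    """Rank alerts not yet seen from a source by the best rule its alerts satisfy."""
    observed = frozenset(observed)
    scores = {}
    for (x, y), conf in rules.items():
        if x <= observed and y not in observed:
            scores[y] = max(scores.get(y, 0.0), conf)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    rules = association_rules(frequent_itemsets(TRANSACTIONS))
    for (x, y), conf in sorted(rules.items(), key=lambda kv: -kv[1]):
        print(f"{sorted(x)} -> {y}  (confidence {conf:.2f})")
    print(predict_next(rules, {"ICMP PING NMAP", "SCAN nmap TCP"}))
```

In a live deployment the transactions would be built by grouping streamed Snort alerts by source address and time window, and a rule firing on a partially observed sequence is what lets the later stages be predicted before they occur.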
