Research of Mining Multi-Stage Network Attack Profiles

In this paper we analyze the multi-stage characteristics of sophisticated network attack behaviors and, on that basis, propose a model that mines statistical attack signature profiles by backtracking from the attack consequences. The model takes the anomalous network traffic collected by the network management system as its data source, uses the Granger causality test as an exploratory tool to extract the associations among the attack stages, and yields several attack profiles with high confidence. Finally, experiments with five DDoS tools are conducted, and the results verify the effectiveness of our work.
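The backtracking idea in the abstract, as an added example that is not code from the paper: starting from a consequence series, candidate precursor series are ranked by a Granger F statistic. The series names, the lag of 2, the synthetic data and the use of a bare F statistic without a p-value are assumptions made for illustration.

```python
import random

def ols_rss(X, y):
    """Residual sum of squares of the least-squares fit y ~ X (normal equations)."""
    k = len(X[0])
    A = [[sum(r[i] * r[j] for r in X) for j in range(k)]
         + [sum(r[i] * v for r, v in zip(X, y))] for i in range(k)]
    for c in range(k):                      # Gauss-Jordan with partial pivoting
        p = max(range(c, k), key=lambda r: abs(A[r][c]))
        A[c], A[p] = A[p], A[c]
        for r in range(k):
            if r != c:
                f = A[r][c] / A[c][c]
                A[r] = [a - f * b for a, b in zip(A[r], A[c])]
    beta = [A[i][k] / A[i][i] for i in range(k)]
    return sum((v - sum(b * x for b, x in zip(beta, r))) ** 2 for r, v in zip(X, y))

def granger_f(cause, effect, lag=2):
    """F statistic for the hypothesis 'cause Granger-causes effect'."""
    rows = range(lag, len(effect))
    y = [effect[t] for t in rows]
    # Restricted model: effect explained by its own lags only.
    restricted = [[1.0] + [effect[t - i] for i in range(1, lag + 1)] for t in rows]
    # Full model: the same regressors plus the lags of the candidate cause.
    full = [r + [cause[t - i] for i in range(1, lag + 1)] for r, t in zip(restricted, rows)]
    rss_r, rss_f = ols_rss(restricted, y), ols_rss(full, y)
    dof = len(y) - (2 * lag + 1)
    return ((rss_r - rss_f) / lag) / (rss_f / dof)

def rank_precursors(consequence, candidates, lag=2):
    """Backtrack from the consequence: rank candidate series by F statistic."""
    scores = {name: granger_f(series, consequence, lag) for name, series in candidates.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample data (not measurements): per-interval packet counts.
rng = random.Random(7)
control = [10 + rng.gauss(0, 3) for _ in range(200)]      # hypothetical control traffic
background = [20 + rng.gauss(0, 3) for _ in range(200)]   # unrelated traffic
flood = [5 + 4 * control[max(t - 2, 0)] + rng.gauss(0, 1) for t in range(200)]  # at victim

if __name__ == "__main__":
    for name, f_stat in rank_precursors(flood, {"control": control, "background": background}):
        print(f"{name:10s} F = {f_stat:10.1f}")
```

A large F for one direction and a small F for the reverse direction is what marks a series as a candidate earlier stage; a real deployment would convert F to a p-value and correct for testing many series.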