Research of MDCOP mining based on time aggregated graph for large spatio-temporal data sets

Discovering mixed-drove spatiotemporal co-occurrence patterns (MDCOPs) is important in network security, for example for distributed denial of service (DDoS) attacks. A DDoS attack usually shows many features at once, such as the server CPU being heavily occupied for a long time, bandwidth being consumed, and so on. In distributed cooperative intrusion, the feature information from multiple intrusion detection sources should be analyzed simultaneously to find the spatial correlation among the feature information. In addition to spatial correlation, intrusion also has temporal correlation: some intrusions penetrate gradually, and attacks are the result of cumulative effects over a period of time. It is therefore necessary to discover MDCOPs in network security. However, it is difficult to mine MDCOPs from large attack event data sets because mining MDCOPs is computationally very expensive. In information security, the set of candidate co-occurrence attack event data sets is exponential in the number of object-types, and the spatiotemporal data sets are too large to be managed in memory. To reduce the number of candidate co-occurrence instances, we present a computationally efficient MDCOP Graph Miner algorithm that uses a Time Aggregated Graph and can deal with large attack event data sets by means of a file index. The correctness, completeness and efficiency of the proposed methods are analyzed.
