Using Serial Episode Mining to Identify Internet Attacks

An intrusion is a series of related actions carried out against a victim in some sequence over the Internet. In this paper, serial episode mining is first applied to find all possible sophisticated Internet attacks, and then an episode pruning technique is applied to cut unnecessary ones, reducing the administrator's further effort. The input data, log files from a honeypot system, is regarded as a sequence of events, where each event has an associated time of occurrence. The method proposed in this paper can be used to detect abnormal Internet episodes, including unknown attacks. Experiments were conducted to show the effectiveness of the proposed method.
