research-article

Multistage attack detection system for network administrators using data mining

Authors:

Rajeshwar Katipally,

Wade Gasior,

Xiaohui Cui,

Li YangAuthors Info & Claims

CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

Article No.: 51, Pages 1 - 4

https://doi.org/10.1145/1852666.1852722

Published: 21 April 2010 Publication History

Get Access

Abstract

In this paper, we present a method to discover, visualize, and predict behavior pattern of attackers in a network based system. We proposed a system that is able to discover temporal pattern of intrusion which reveal behaviors of attackers using alerts generated by Intrusion Detection System (IDS). We use data mining techniques to find the patterns of generated alerts by generating Association rules. Our system is able to stream realtime Snort alerts and predict intrusions based on our learned rules. Therefore, we are able to automatically discover patterns in multistage attack, visualize patterns, and predict intrusions.

Supplementary Material

Supplemental material. (a51-katipally_slides.pdf)

Download
600.55 KB

References

[1]

Hideki Koike, Kazuhiro Ohno, SnortView: Visualization System of Snort Logs, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, Washington DC, USA, 2004.

Digital Library

Google Scholar

[2]

Soleimani M., Khosrowshahi E., Doroud M., Damanafshan M., Behzadi A., Abbaspour M., A Reliable Analyzer and Archiver for Snort Intrusion Detection System, Proceedings of the 2007 ACM symposium on Applied computing, Korea, 2007.

Digital Library

Google Scholar

[3]

Patrick Hertzog, Visualizations to improve reactivity towards security incidents inside corporate networks, Proceedings of the 3rd international workshop on Visualization for computer security, Alexandria, Virginia, USA, 2006.

Digital Library

Google Scholar

[4]

Shabtai, Klimov, Shahar, Elovici, An intelligent, interactive tool for exploration and visualization of time-oriented security data, Proceedings of the 3rd international workshop on Visualization for computer security, Alexandria, Virginia, USA, 2006

Digital Library

Google Scholar

[5]

Mansmann, Fisher, Keim, North, Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations, Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology, Maryland, USA, 2009.

Digital Library

Google Scholar

[6]

Mathew, Giomundo, Uoadhyaya, Sudit, Slotz, Understanding multistage attacks by attack-track based visualization of heterogeneous event streams, Proceedings of the 3rd international workshop on Visualization for computer security, Virginia, USA, 2006.

Digital Library

Google Scholar

[7]

Abdullah, Copeland, Tool update: high alarm count issues in IDS rainstorm, Proceedings of the 3rd international workshop on Visualization for computer security, Alexandria, Virginia, USA, 2006.

Digital Library

Google Scholar

[8]

Wenke Lee, Applying data mining to intrusion detection: the quest for automation, efficiency, and credibility, ACM SIGKDD Explorations Newsletter, December, 2002.

Digital Library

Google Scholar

[9]

Dokas, Kumar, Lazarevic, Srivastava, Tan, Data Mining for Network Intrusion Detection, USA, 2004.

Google Scholar

[10]

Anup K. Ghosh, Aaron Schwartzbard and Michael Schatz. Learning Program Behavior Profiles for Intrusion Detection. Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, 2002.

Digital Library

Google Scholar

[11]

Pang-Ning Tan, Michael Stenbach, Vipin Kumar. Introduction to data mining. Pearson Addison Wesley. 2006.

Digital Library

Google Scholar

[12]

The snort. http://www.snort.org.

Google Scholar

[13]

JiaweiHanand Micheline Kamber, Data mining concepts and techniques. Academic Press, San Diego, California, 2001

Google Scholar

Cited By

View all

Che Mat NJamil NYusoff YMat Kiah M(2024)A systematic literature review on advanced persistent threat behaviors and its detection strategyJournal of Cybersecurity10.1093/cybsec/tyad02310:1Online publication date: 2-Jan-2024
https://doi.org/10.1093/cybsec/tyad023
Saini J(2023)LSTM based deep learning approach to detect online violent activities over dark webMultimedia Tools and Applications10.1007/s11042-023-17222-883:14(42379-42390)Online publication date: 16-Oct-2023
https://doi.org/10.1007/s11042-023-17222-8
Saini JBansal D(2023)Computational techniques to counter terrorism: a systematic surveyMultimedia Tools and Applications10.1007/s11042-023-15545-083:1(1189-1214)Online publication date: 3-Jun-2023
https://doi.org/10.1007/s11042-023-15545-0
Show More Cited By

Index Terms

Multistage attack detection system for network administrators using data mining
1. Security and privacy
  1. Network security

Recommendations

A Survey on Intrusion Detection and Prevention Systems
Abstract
In the digital world, malicious activities that violate the confidentiality, integrity, or availability of data and devices are known as intrusions. An intrusion detection system (IDS) analyses the activities of a single system or a network to ...
An alert data mining framework for network-based intrusion detection system
WISA'05: Proceedings of the 6th international conference on Information Security Applications

Intrusion detection techniques have been developed to protect computer and network systems against malicious attacks. However, there are no perfect intrusion detection systems or mechanisms, because it is impossible for the intrusion detection systems ...
Agent-oriented network intrusion detection system using data mining approaches

Most of the existing commercial Network Intrusion Detection System (NIDS) products are signature-based but not adaptive. In this paper, an adaptive NIDS using data mining technology is developed. Data mining approaches are used to accurately capture the ...

Comments

Information & Contributors

Information

Published In

CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

April 2010

257 pages

ISBN:9781450300179

DOI:10.1145/1852666

Editors:
Frederick T. Sheldon
Oak Ridge National Laboratory
,
Stacy Prowell
Oak Ridge National Laboratory
,
Robert K. Abercrombie
Oak Ridge National Laboratory
,
Axel Krings
University of Idaho

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 April 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CSIIRW '10

CSIIRW '10: Annual Cyber Security and Information Intelligence Research Workshop

April 21 - 23, 2010

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
469
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Che Mat NJamil NYusoff YMat Kiah M(2024)A systematic literature review on advanced persistent threat behaviors and its detection strategyJournal of Cybersecurity10.1093/cybsec/tyad02310:1Online publication date: 2-Jan-2024
https://doi.org/10.1093/cybsec/tyad023
Saini J(2023)LSTM based deep learning approach to detect online violent activities over dark webMultimedia Tools and Applications10.1007/s11042-023-17222-883:14(42379-42390)Online publication date: 16-Oct-2023
https://doi.org/10.1007/s11042-023-17222-8
Saini JBansal D(2023)Computational techniques to counter terrorism: a systematic surveyMultimedia Tools and Applications10.1007/s11042-023-15545-083:1(1189-1214)Online publication date: 3-Jun-2023
https://doi.org/10.1007/s11042-023-15545-0
Ingale SParaye MAmbawade D(2020)A Survey on Methodologies for Multi-Step Attack Prediction2020 Fourth International Conference on Inventive Systems and Control (ICISC)10.1109/ICISC47916.2020.9171106(37-45)Online publication date: Jan-2020
https://doi.org/10.1109/ICISC47916.2020.9171106
Ingale SParaye MAmbawade D(2020)Enhancing Multi-Step Attack Prediction using Hidden Markov Model and Naive Bayes2020 International Conference on Electronics and Sustainable Communication Systems (ICESC)10.1109/ICESC48915.2020.9155895(36-44)Online publication date: Jul-2020
https://doi.org/10.1109/ICESC48915.2020.9155895
Dong CChen YZhang YJiang BHan DLiu B(2019)An Approach for Scale Suspicious Network Events Detection2019 IEEE International Conference on Big Data (Big Data)10.1109/BigData47090.2019.9006042(5854-5863)Online publication date: Dec-2019
https://doi.org/10.1109/BigData47090.2019.9006042
Shin JChoi SLiu PChoi Y(2019)Unsupervised multi-stage attack detection framework without details on single-stage attacksFuture Generation Computer Systems10.1016/j.future.2019.05.032100:C(811-825)Online publication date: 1-Nov-2019
https://dl.acm.org/doi/10.1016/j.future.2019.05.032
Baghel SYogesh (2018)Detecting Future Terrorism Trend in India Using Clustering Analysis2018 7th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)10.1109/ICRITO.2018.8748567(431-438)Online publication date: Aug-2018
https://doi.org/10.1109/ICRITO.2018.8748567
Juneja KRana C(2018)A Rule Framed SVM Model for Classification of Various DDOS Attack in Distributed Network2018 2nd International Conference on Micro-Electronics and Telecommunication Engineering (ICMETE)10.1109/ICMETE.2018.00032(96-101)Online publication date: Sep-2018
https://doi.org/10.1109/ICMETE.2018.00032
D’Andreagiovanni MBaiardi FLipilini JRuggieri STonelli F(2018)Sequential Pattern Mining for ICT Risk Assessment and PreventionSoftware Engineering and Formal Methods10.1007/978-3-319-74781-1_2(25-39)Online publication date: 2-Feb-2018
https://doi.org/10.1007/978-3-319-74781-1_2
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A Survey on Intrusion Detection and Prevention Systems

An alert data mining framework for network-based intrusion detection system

Agent-oriented network intrusion detection system using data mining approaches