
Research on discovering multi-step attack patterns based on clustering IDS alert sequences

梅海彬 龚俭 张明华

Journal on Communications (通信学报), 2011, Vol. 32, Issue 5: 63-69, 7.


梅海彬 (1), 龚俭 (2), 张明华 (1)

Author information

  • 1. School of Computer Science and Engineering, Southeast University; Key Laboratory of Computer Network Technology of Jiangsu Province, Nanjing, Jiangsu 210096, China
  • 2. College of Information Technology, Shanghai Ocean University, Shanghai 201306, China

Abstract

A method for discovering multi-step attack patterns from IDS alert data is studied. An alert similarity function is defined and used to construct the set of attack activity sequences. Sequence alignment is then used to cluster similar attack activity sequences, and the multi-step attack patterns within each cluster are discovered automatically by a longest-common-subsequence extraction algorithm based on dynamic programming. The proposed method does not depend on large amounts of prior knowledge, needs few configuration parameters and is easy to implement. Experimental results demonstrate its effectiveness.
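The pipeline the abstract describes (alerts are grouped into attack activity sequences, similar sequences are clustered, and the longest common subsequence of each cluster is taken as the multi-step pattern) can be sketched end to end in a few functions. The following is an added illustration written for this page, not the authors' code: the alert data, the signature names and the (source, destination, time gap) grouping rule stand in for the paper's alert similarity function, the normalised LCS length stands in for its sequence alignment score, the greedy threshold clustering is a simplification of its clustering step, and all thresholds are assumed values.

```python
"""Toy multi-step attack pattern discovery from IDS alert sequences.

Added example; it is not the code of the paper above. The alerts are
constructed sample data and every threshold is an assumed value.
"""
from collections import defaultdict
from typing import List, NamedTuple, Tuple


class Alert(NamedTuple):
    ts: int      # seconds since an arbitrary epoch
    src: str
    dst: str
    sig: str     # IDS signature name


# Constructed sample alerts: three intrusions that share a scan -> exploit -> shell
# backbone with different noise in between, one stale probe from the first attacker
# (hours earlier, so it must not be joined to the real sequence) and one unrelated
# web attack that should not end up in the same cluster.
ALERTS = [
    Alert(0,     "10.0.0.5", "192.168.1.10", "ICMP_PING"),
    Alert(36000, "10.0.0.5", "192.168.1.10", "ICMP_PING"),
    Alert(36030, "10.0.0.5", "192.168.1.10", "PORTSCAN"),
    Alert(36120, "10.0.0.5", "192.168.1.10", "SMB_EXPLOIT"),
    Alert(36125, "10.0.0.5", "192.168.1.10", "REVERSE_SHELL"),
    Alert(40000, "10.0.0.6", "192.168.1.11", "PORTSCAN"),
    Alert(40200, "10.0.0.6", "192.168.1.11", "FTP_BRUTE"),
    Alert(40500, "10.0.0.6", "192.168.1.11", "SMB_EXPLOIT"),
    Alert(40510, "10.0.0.6", "192.168.1.11", "REVERSE_SHELL"),
    Alert(50000, "10.0.0.7", "192.168.1.12", "ICMP_PING"),
    Alert(50010, "10.0.0.7", "192.168.1.12", "PORTSCAN"),
    Alert(50100, "10.0.0.7", "192.168.1.12", "SMB_EXPLOIT"),
    Alert(50200, "10.0.0.7", "192.168.1.12", "DNS_TUNNEL"),
    Alert(50210, "10.0.0.7", "192.168.1.12", "REVERSE_SHELL"),
    Alert(60000, "10.0.0.8", "192.168.1.13", "SQL_INJECTION"),
    Alert(60100, "10.0.0.8", "192.168.1.13", "WEB_SHELL"),
]


def build_sequences(alerts: List[Alert], max_gap: int = 600) -> List[List[str]]:
    """Group alerts into attack activity sequences.

    Assumed similarity rule (simplification of the paper's alert similarity function):
    alerts belong to the same sequence when they share (src, dst) and are no more than
    max_gap seconds apart from their predecessor.
    """
    by_pair = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: a.ts):
        by_pair[(alert.src, alert.dst)].append(alert)
    sequences = []
    for items in by_pair.values():
        current = [items[0].sig]
        for prev, cur in zip(items, items[1:]):
            if cur.ts - prev.ts > max_gap:   # time gap: start a new sequence
                sequences.append(current)
                current = []
            current.append(cur.sig)
        sequences.append(current)
    return sequences


def lcs(a: List[str], b: List[str]) -> List[str]:
    """Longest common subsequence by dynamic programming, with backtracking."""
    n, m = len(a), len(b)
    table = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n):
        for j in range(m):
            if a[i] == b[j]:
                table[i + 1][j + 1] = table[i][j] + 1
            else:
                table[i + 1][j + 1] = max(table[i][j + 1], table[i + 1][j])
    out, i, j = [], n, m
    while i > 0 and j > 0:
        if a[i - 1] == b[j - 1]:
            out.append(a[i - 1])
            i, j = i - 1, j - 1
        elif table[i - 1][j] >= table[i][j - 1]:
            i -= 1
        else:
            j -= 1
    return out[::-1]


def similarity(a: List[str], b: List[str]) -> float:
    """Assumed alignment score: LCS length normalised by the longer sequence."""
    return len(lcs(a, b)) / max(len(a), len(b))


def cluster(seqs: List[List[str]], threshold: float = 0.5) -> List[List[List[str]]]:
    """Greedy clustering: join the first cluster whose representative is similar enough."""
    clusters: List[List[List[str]]] = []
    for seq in seqs:
        for members in clusters:
            if similarity(members[0], seq) >= threshold:
                members.append(seq)
                break
        else:
            clusters.append([seq])
    return clusters


def extract_pattern(members: List[List[str]]) -> List[str]:
    """Fold the pairwise LCS over a cluster to get its common multi-step pattern."""
    pattern = members[0]
    for seq in members[1:]:
        pattern = lcs(pattern, seq)
    return pattern


def discover_patterns(alerts: List[Alert], max_gap: int = 600,
                      threshold: float = 0.5, min_size: int = 2) -> List[List[str]]:
    """Full pipeline; clusters smaller than min_size yield no pattern."""
    clusters = cluster(build_sequences(alerts, max_gap), threshold)
    return [extract_pattern(c) for c in clusters if len(c) >= min_size]


if __name__ == "__main__":
    for pattern in discover_patterns(ALERTS):
        print(" -> ".join(pattern))
```

On the sample data the stale ICMP_PING is split into its own one-element sequence by the time gap, the SQL_INJECTION/WEB_SHELL pair forms a cluster of its own and is dropped by min_size, and the three intrusions collapse to the single pattern PORTSCAN -> SMB_EXPLOIT -> REVERSE_SHELL. Folding the LCS pairwise is order dependent when there are ties; for real alert data one would want the paper's own extraction algorithm and a support threshold on top.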

Keywords

intrusion detection / alert correlation / multi-step attack / clustering

Subject classification

Information Technology and Security Science

Cite this article

梅海彬, 龚俭, 张明华. Research on discovering multi-step attack patterns based on clustering IDS alert sequences [J]. Journal on Communications (通信学报), 2011, 32(5): 63-69, 7.

Funding

National Basic Research Program of China ("973" Program) (2009CB320505); Shanghai Universities Special Research Fund for Selecting and Training Outstanding Young Teachers (ssc09015)

Journal on Communications (通信学报)

Open access; indexed in PKU Core (北大核心), CSCD, CSTPCD

ISSN 1000-436X
