
A Novel Multi-source Fusion Model for Known and Unknown Attack Scenarios


Abstract

Nowadays, single-source data holds little appeal for researchers doing network security research. Single-source data is not comprehensive and cannot fully depict the changes in malicious attacks, and its reliability and authenticity are also difficult to determine, so research on multi-source data fusion can help to distinguish the authenticity of data and obtain better results. In this paper, we propose a multi-source fusion model that uses ontologies to represent and store different information resources, employs logic reference rules to remove redundancy and reduce false positives, reconstructs the scenario of a known attack, and uses a new AOI-FIM algorithm for mining attack patterns of unknown attack scenarios. The key benefit of the model is that it solves the syntactic and semantic expression problem in multi-source heterogeneous data and mines some unknown attack patterns. To illustrate and evaluate our approach, we use two separate case studies from the DARPA 2000 and VAST Challenge 2012 datasets. The results show that our approach can obviously reduce false positives, effectively build scenarios for known attacks, and exactly mine frequent attack patterns for unknown attacks.