Learning attack strategies through attack sequence mining method

摘要

Since security audit data increased so dramatically, management and analysis of these security data become a challenge issue. In our system SATA (Security Alerts and Threat Analysis), we proposed a new method of learning multi-stage attack strategies through attack sequence mining method to recognize attacker's high-level strategies and predicting upcoming attack intentions. We first apply an attack sequence mining algorithm to mine attack behavior sequence patterns from alarm database. We then correlate the attack behaviors matched with certain attack sequence pattern to identify potential attack intentions. Our technique is easy to implement and it can be used to detect novel multi-stage attack strategies. The primary experiments show that our approach is effective and practical.