Sequential Pattern Miner for Alert Pattern Analysis

G.Y. No, M.S. Shin, K.H. Ryu, and J.S. Kim (Korea)

Keywords

Sequential pattern mining, alert pattern analysis, and PrefixSpan algorithm

Abstract

Recently, due to the open architecture of the Internet and the growing number of Internet users, cyber terror has been increasing. Intrusion detection techniques have been developed to protect computer and network systems against malicious attacks. However, intrusion detection techniques are still far from perfect. An intrusion detection system raises alarms when a possible intrusion happens. Consequently, intrusion detection systems usually generate a large number of alerts, which can be unmanageable and can also be mixed with false alerts. It is therefore necessary to manage alerts for correct intrusion detection. In this paper, we propose a sequential pattern miner for alert data analysis, which supports intelligent and automated detection as a solution to the problems associated with intrusion detection systems. We extend the PrefixSpan algorithm for the proposed sequential pattern miner because of its performance advantages during the mining process. The implemented sequential pattern miner is able to extract applicable intrusion patterns and then to detect and respond to them. The proposed mining system is useful for improving the detection rate of network-based intrusion detection systems.
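
To make the idea of mining alert streams for sequential patterns concrete, the following added example (not the authors' code, and not their extended algorithm) runs plain single-item PrefixSpan over per-source alert sequences. The alert names, the sample sequences and the helper frequent_alert_chains are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data: each sequence is the time-ordered list of alert
# names raised for one source; the names are illustrative, not from the paper.
ALERT_SEQUENCES = [
    ["PORT_SCAN", "SSH_BRUTE_FORCE", "SSH_LOGIN_OK", "PRIV_ESC"],
    ["PORT_SCAN", "ICMP_PING", "SSH_BRUTE_FORCE", "SSH_LOGIN_OK"],
    ["ICMP_PING", "PORT_SCAN", "SSH_BRUTE_FORCE", "PRIV_ESC"],
    ["ICMP_PING", "DNS_QUERY"],
]

def prefixspan(sequences, min_support):
    """Return {pattern tuple: support} for every frequent subsequence."""
    results = {}

    def mine(prefix, projected):
        # projected: (sequence index, start offset) pairs, one per sequence
        # that contains the prefix; the suffix to search begins at the offset.
        first_pos = defaultdict(dict)
        for sid, start in projected:
            seq = sequences[sid]
            for pos in range(start, len(seq)):
                # Keep only the first occurrence per sequence, so support
                # counts sequences rather than individual alerts.
                first_pos[seq[pos]].setdefault(sid, pos)
        for alert, occ in sorted(first_pos.items()):
            if len(occ) < min_support:
                continue
            pattern = prefix + (alert,)
            results[pattern] = len(occ)
            # Project: continue each sequence just past the matched alert.
            mine(pattern, [(sid, pos + 1) for sid, pos in occ.items()])

    mine((), [(sid, 0) for sid in range(len(sequences))])
    return results

def frequent_alert_chains(sequences, min_support, min_length=2):
    """Multi-step patterns only, most frequent and longest first."""
    found = prefixspan(sequences, min_support)
    chains = [(p, s) for p, s in found.items() if len(p) >= min_length]
    return sorted(chains, key=lambda c: (-c[1], -len(c[0]), c[0]))

if __name__ == "__main__":
    for pattern, support in frequent_alert_chains(ALERT_SEQUENCES, 3):
        print(support, " -> ".join(pattern))
```

Lowering min_support surfaces longer but rarer chains, which is the trade-off an analyst tunes when deciding which mined patterns are worth turning into correlation rules.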
