Attack Scenario Construction Based on Rule and Fuzzy Clustering
Correlation of intrusion alerts is a major technique in attack detection for building attack scenarios. Rule-based and data mining methods have been used in previous proposals to perform correlation. In this paper we integrate the two complementary methods and introduce fuzzy clustering into the data mining method. To determine the fuzzy similarity coefficients, we introduce a hierarchy measurement and use a weighted average to compute total similarity. This mechanism can measure the semantic distance between intrusion alerts with finer granularity than the common similarity measurement. The experimental results in this paper show that the fuzzy clustering method can reconstruct attack scenarios that are broken by missed attacks.
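As an added illustration (not code from the paper), the sketch below computes a weighted-average similarity from hierarchy-based per-attribute scores and then groups alerts with a max-min transitive closure and a λ-cut. The alert fields, type taxonomy, IP-prefix measure, weights, threshold and the choice of transitive-closure clustering are all assumptions; the abstract does not specify them.

```python
# Added illustration: taxonomy, weights, threshold and alerts are assumptions.
from ipaddress import ip_address
TAXONOMY = {  # alert type -> path in an assumed class hierarchy
    "portscan": ("recon", "scan", "portscan"),
    "pingsweep": ("recon", "scan", "pingsweep"),
    "ftp_overflow": ("exploit", "overflow", "ftp_overflow"),
    "rpc_overflow": ("exploit", "overflow", "rpc_overflow"),
}
WEIGHTS = {"type": 0.4, "src": 0.2, "dst": 0.4}  # assumed weights, sum to 1
ALERTS = [  # constructed sample alerts
    {"type": "portscan", "src": "10.0.0.5", "dst": "192.168.1.10"},
    {"type": "ftp_overflow", "src": "10.0.0.5", "dst": "192.168.1.10"},
    {"type": "pingsweep", "src": "10.0.0.5", "dst": "192.168.1.12"},
    {"type": "rpc_overflow", "src": "172.16.9.9", "dst": "192.168.200.3"},
]

def type_sim(a, b):  # shared fraction of the taxonomy path (1.0 = same type)
    pa, pb = TAXONOMY[a], TAXONOMY[b]
    shared = next((i for i, (x, y) in enumerate(zip(pa, pb)) if x != y), len(pa))
    return shared / len(pa)

def ip_sim(a, b):  # common-prefix length of two IPv4 addresses, scaled to [0, 1]
    diff = int(ip_address(a)) ^ int(ip_address(b))
    return (32 - diff.bit_length()) / 32

def similarity(x, y):  # weighted average of the per-attribute similarities
    parts = {"type": type_sim(x["type"], y["type"]),
             "src": ip_sim(x["src"], y["src"]), "dst": ip_sim(x["dst"], y["dst"])}
    return sum(WEIGHTS[k] * parts[k] for k in WEIGHTS)

def transitive_closure(r):  # repeat max-min composition until a fixed point
    n = range(len(r))
    while True:
        r2 = [[max(min(r[i][k], r[k][j]) for k in n) for j in n] for i in n]
        if r2 == r:
            return r
        r = r2

def cluster(alerts, lam):  # lambda-cut: alerts linked at >= lam share a cluster
    r = transitive_closure([[similarity(a, b) for b in alerts] for a in alerts])
    groups = []
    for i in range(len(alerts)):
        home = next((g for g in groups if r[i][g[0]] >= lam), None)
        if home is None:
            groups.append([i])
        else:
            home.append(i)
    return groups

print(cluster(ALERTS, 0.55))
```

In this constructed data the sibling alert types score 2/3 on the type attribute where an exact-match comparison would give 0, which is the finer granularity the hierarchy measurement is meant to provide.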