Multi stage attack Detection system for Network Administrators using Data Mining
Conference · OSTI ID: 986832
- University of Tennessee
- ORNL
In this paper, we present a method to discover, visualize, and predict behavior patterns of attackers in a network-based system. We propose a system that is able to discover temporal patterns of intrusion, which reveal behaviors of attackers, using alerts generated by an Intrusion Detection System (IDS). We use data mining techniques to find patterns in the generated alerts by generating association rules. Our system is able to stream real-time Snort alerts and predict intrusions based on our learned rules. Therefore, we are able to automatically discover patterns in multistage attacks, visualize patterns, and predict intrusions.
- Research Organization: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization: Work for Others (WFO)
- DOE Contract Number: DE-AC05-00OR22725
- OSTI ID: 986832
- Resource Relation: Conference: Cyber Security and Information Intelligence Research Workshop, Oak Ridge, TN, USA, 20100421, 20100423
- Country of Publication: United States
- Language: English