Little work has been done on mining attack models online from IDS alerts collected on the network backbone. The contributions of this paper are three-fold. Firstly, we put forward a software-pipeline framework for online attack model mining that is suited to alert clustering mining methods. Secondly, we propose an online alert reduction method and improve the two-stage clustering method. Thirdly, we propose an approach to adjust the parameters used in the framework on the fly. The experiments show that the data feature is stable in sequence length, so the parameter self-adjustment algorithm can be applied, and that parameter self-adjustment works well under the online mining framework. Online mining of attack models is efficient compared to the offline mining method, and the generated attack models have convincing logical relations. © Springer International Publishing Switzerland 2013.
Qiao, L. B., Zhang, B. F., Zhao, R. Y., & Su, J. S. (2013). Online mining of attack models in IDS alerts from network backbone by a two-stage clustering method. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8300 LNCS, pp. 104–116). https://doi.org/10.1007/978-3-319-03584-0_9