2 articles found
Pruning Redundant Alarm Correlation Patterns
1
Authors: CHEN Yue, LIN Qi ning, TU Zhi yun (Business Management School, Beijing University of Posts and Telecommunications, Beijing 100876, P.R.China). The Journal of China Universities of Posts and Telecommunications (EI, CSCD), 2002, Issue 2, pp. 45-48 (4 pages)
Efficient methods exist for discovering association rules from large collections of data. The number of discovered rules can, however, be so large. At the same time it is well known that many discovered associations are redundant or minor variations of others. Their existence may simply be due to chance rather than true correlation. Thus, those spurious and insignificant rules should be removed. In this paper, we propose a novel technique to overcome this problem. The technique firstly introduces the new concept, structure rule cover, and then presents a quantitative method to prune redundant correlation patterns. The user can now obtain a complete picture of the domain without being overwhelmed by a huge number of rules.
Keywords: alarm correlation; structural rule cover; correlation logic; minimum support
Abnormal Event Correlation and Detection Based on Network Big Data Analysis (cited by: 2)
2
Authors: Zhichao Hu, Xiangzhan Yu (+1 author), Jiantao Shi, Lin Ye. Computers, Materials & Continua (SCIE, EI), 2021, Issue 10, pp. 695-711 (17 pages)
With the continuous development of network technology, various large-scale cyber-attacks continue to emerge. These attacks pose a severe threat to the security of systems, networks, and data. Therefore, how to mine attack patterns from massive data and detect attacks are urgent problems. In this paper, an approach for attack mining and detection is proposed that performs tasks of alarm correlation, false-positive elimination, attack mining, and attack prediction. Based on the idea of CluStream, the proposed approach implements a flow clustering method and a two-step algorithm that guarantees efficient streaming and clustering. The context of an alarm in the attack chain is analyzed and the LightGBM method is used to perform false-positive recognition with high accuracy. To accelerate the search for the filtered alarm sequence data to mine attack patterns, the PrefixSpan algorithm is also updated in the store strategy. The updated PrefixSpan increases the processing efficiency and achieves a better result than the original one in experiments. With Bayesian theory, the transition probability for the sequence pattern string is calculated and the alarm transition probability table constructed to draw the attack graph. Finally, a long-short-term memory network and embedding word-vector method are used to perform online prediction. Results of numerical experiments show that the method proposed in this paper has a strong practical value for attack detection and prediction.
Keywords: attack scene; false positive; alarm correlation; sequence mining; multi-step attack