AICT 2015, The Eleventh Advanced International Conference on Telecommunications


Discovering Attack Strategies Using Process Mining

Authors:
Sean C. Alvarenga
Bruno B. Zarpelão
Sylvio B. Junior
Rodrigo S. Miani
Michel Cukier

Keywords: intrusion detection; security visualization; alert mining; heuristic mining.

Abstract:
Intrusion Detection Systems generate alerts which depend on manual analysis by a specialist to determine a response plan. However, these systems usually trigger thousands of alerts per day. Investigating unmanageable amounts of alerts manually becomes burdensome and error-prone. Besides, it complicates the analysis of critical alerts. In this paper, an approach is proposed to facilitate the investigation of huge amounts of intrusion detection alerts by a specialist. The proposed approach makes use of process mining techniques to discover attack strategies observed in intrusion alerts, which are presented to the network administrator in friendly visual models. Tests were performed using a real dataset from the University of Maryland. The results show that the proposed approach combines visual features along with quantitative measures that help the network administrator to analyze the alerts in an easy and intuitive manner.

Pages: 119 to 125

Copyright: Copyright (c) IARIA, 2015

Publication date: June 21, 2015

Published in: conference

ISSN: 2308-4030

ISBN: 978-1-61208-411-4

Location: Brussels, Belgium

Dates: from June 21, 2015 to June 26, 2015