Journal: International Journal of Network Security & Its Applications
Print ISSN: 0975-2307
Electronic ISSN: 0974-9330
Publication year: 2012
Volume: 4
Issue: 6
DOI: 10.5121/ijnsa.2012.461
Publisher: Academy & Industry Research Collaboration Center (AIRCC)
Abstract: For effective security incidence response on the network, a reputable approach must be in place at both protected and unprotected region of the network. This is because compromise in the demilitarized zone could be precursor to threat inside the network. The improved complexity of attacks in present times and vulnerability of system are motivations for this work. Past and present approaches to intrusion detection and prevention have neglected victim and attacker properties despite the fact that for intrusion to occur, an overt act by an attacker and a manifestation, observable by the intended victim, which results from that act are required. Therefore, this paper presents a threat characterization model for attacks from the victim and the attacker perspective of intrusion using data mining technique. The data mining technique combines Frequent Temporal Sequence Association Mining and Fuzzy Logic. Apriori Association Mining algorithm was used to mine temporal rule patterns from alert sequences while Fuzzy Control System was used to rate exploits. The results of the experiment show that accurate threat characterization in multiple intrusion perspectives could be actualized using Fuzzy Association Mining. Also, the results proved that sequence of exploits could be used to rate threat and are motivated by victim properties and attacker objectives.