Novel Online Attack Strategy Recognition Technique

2008 
The large volume of security data makes it important to develop an advanced alert correlation system that can reduce alert redundancy, intelligently correlate security alerts, and detect attack strategies. Existing methods of attack strategy recognition all have limited capabilities for detecting new and complete attack scenarios. The paper proposes a new method of recognizing attack plans: a new attack sequential pattern analysis technique is applied offline to construct attack sequential pattern models from intrusion alert data. Online alert sequential pattern matching and correlativity calculation are then performed to recognize the attacker's real attack strategies. Experiments show that the method can effectively recognize attack plans online and can accordingly predict the most probable next attack behavior.