Distributed Attack Modeling Approach Based on Process Mining and Graph Segmentation

Yuzhong Chen; Zhenyu Liu; Yulin Liu; Chen Dong

doi:10.3390/e22091026

Distributed Attack Modeling Approach Based on Process Mining and Graph Segmentation

Entropy ◽

10.3390/e22091026 ◽

2020 ◽

Vol 22 (9) ◽

pp. 1026

Author(s):

Yuzhong Chen ◽

Zhenyu Liu ◽

Yulin Liu ◽

Chen Dong

Keyword(s):

Network Security ◽

Process Mining ◽

Segmentation Algorithm ◽

Attack Behavior ◽

Initial Attack ◽

Attack Graph ◽

Graph Modeling ◽

Mining Algorithm ◽

Attack Models ◽

Attack Strategy

Attack graph modeling aims to generate attack models by investigating attack behaviors recorded in intrusion alerts raised in network security devices. Attack models can help network security administrators discover an attack strategy that intruders use to compromise the network and implement a timely response to security threats. However, the state-of-the-art algorithms for attack graph modeling are unable to obtain a high-level or global-oriented view of the attack strategy. To address the aforementioned issue, considering the similarity between attack behavior and workflow, we employ a heuristic process mining algorithm to generate the initial attack graph. Although the initial attack graphs generated by the heuristic process mining algorithm are complete, they are extremely complex for manual analysis. To improve their readability, we propose a graph segmentation algorithm to split a complex attack graph into multiple subgraphs while preserving the original structure. Furthermore, to handle massive volume alert data, we propose a distributed attack graph generation algorithm based on Hadoop MapReduce and a distributed attack graph segmentation algorithm based on Spark GraphX. Additionally, we conduct comprehensive experiments to validate the performance of the proposed algorithms. The experimental results demonstrate that the proposed algorithms achieve considerable improvement over comparative algorithms in terms of accuracy and efficiency.

Download Full-text

Process mining algorithm to discover non-certain choice and parallel relation

Journal of Computer Applications ◽

10.3724/sp.j.1087.2008.02922 ◽

2009 ◽

Vol 28 (11) ◽

pp. 2922-2925 ◽

Cited By ~ 1

Author(s):

Hong-mei HUANG ◽

Yun ZHANG

Keyword(s):

Process Mining ◽

Mining Algorithm

Download Full-text

A Quantitative Method for Evaluating Network Security Based on Attack Graph

Network and System Security - Lecture Notes in Computer Science ◽

10.1007/978-3-319-64701-2_25 ◽

2017 ◽

pp. 349-358 ◽

Cited By ~ 3

Author(s):

Yukun Zheng ◽

Kun Lv ◽

Changzhen Hu

Keyword(s):

Network Security ◽

Quantitative Method ◽

Attack Graph

Download Full-text

An attack graph based network security evaluation model for hierarchical network

2010 IEEE International Conference on Information Theory and Information Security ◽

10.1109/icitis.2010.5688764 ◽

2010 ◽

Cited By ~ 1

Author(s):

Haihui Ge ◽

Lize Gu ◽

Yixian Yang ◽

Kewei Liu

Keyword(s):

Network Security ◽

Evaluation Model ◽

Security Evaluation ◽

Hierarchical Network ◽

Attack Graph

Download Full-text

Network security defense model based on firewall and IPS

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-189294 ◽

2020 ◽

Vol 39 (6) ◽

pp. 8961-8969

Author(s):

Shijie Ding ◽

Zhiwei Zhang ◽

Jun Xie

Keyword(s):

Network Security ◽

Intrusion Detection ◽

Detection System ◽

Reference Value ◽

Attack Behavior ◽

Validity And Reliability ◽

Characteristic Analysis ◽

Technical Requirements ◽

Defense Model ◽

The Government

With the spread of the COVID-19 epidemic, the government has put forward higher requirements for network security and reliability through the flow of network managers and the release of information. Traditional intrusion detection technology and firewall technology cannot effectively defend against DDoS attacks. This paper analyzes the principles and defects of intrusion detection system and firewall. In this paper, the architecture design of intrusion prevention system which integrates audit and network defense functions is proposed. The system optimizes the detection and analysis component of detecting attack behavior according to the special requirements of attack defense task, and adds the module of attack behavior characteristic analysis and defense strategy generation. The policy execution component uses a special defense engine to execute defense policies, providing the system with deep defense capabilities. Experiments show that the validity and reliability of the key modules in the proposed defense model meet the technical requirements. It has a certain reference value to improve the reliability of network management system under the influence of COVID-19 epidemic situation.

Download Full-text

Dynamic Network Security Situation Prediction based on Bayesian Attack Graph and Big Data

2018 IEEE 4th Information Technology and Mechatronics Engineering Conference (ITOEC) ◽

10.1109/itoec.2018.8740765 ◽

2018 ◽

Cited By ~ 1

Author(s):

Pengwen Lin ◽

Yonghong Chen

Keyword(s):

Big Data ◽

Network Security ◽

Dynamic Network ◽

Attack Graph

Download Full-text

Research on Attack Graph Generation for Network Security Situation

Proceedings of The Eighth International Conference on Bio-Inspired Computing: Theories and Applications (BIC-TA), 2013 - Advances in Intelligent Systems and Computing ◽

10.1007/978-3-642-37502-6_134 ◽

2013 ◽

pp. 1147-1154

Author(s):

Yanbo Wang ◽

Huiqiang Wang ◽

Chao Zhao ◽

Yushu Zhang ◽

Ming Yu

Keyword(s):

Network Security ◽

Attack Graph ◽

Graph Generation

Download Full-text

Research on the Protection Strategy of Network Security

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.703.236 ◽

2013 ◽

Vol 703 ◽

pp. 236-239

Author(s):

Hong Ji

Keyword(s):

Network Security ◽

Development Trend ◽

Stable Operation ◽

Attack Behavior ◽

Global Information ◽

Network Technology ◽

Network Attack ◽

Security Issues ◽

Detection Technology ◽

Protection Technology

The global information has become the human development trend with the development of network technology. People enjoy the convenience brought by the network technology and confront many network security issues. Because the network attack behavior has concealment, complexity and permeability, the network security issues become increasingly prominent and the network security protection become more difficult. Based on the analysis of the threatening factors to the network security, such as hacking, computer viruses, computer system vulnerabilities, security issues of the network protocol, weak authentication and logic bombs, the firewall technology, intrusion detection technology, access control technology and computer virus protection technology are proposed to ensure safe and stable operation and use of network.

Download Full-text

Network Security Risk Assessment Based on Attack Graph

Journal of Computers ◽

10.4304/jcp.8.9.2339-2347 ◽

2013 ◽

Vol 8 (9) ◽

Cited By ~ 3

Author(s):

Lixia Xie ◽

Xiao Zhang ◽

Jiyong Zhang

Keyword(s):

Risk Assessment ◽

Network Security ◽

Security Risk ◽

Attack Graph ◽

Security Risk Assessment

Download Full-text

Analysis of attack graph-based metrics for quantification of network security

2012 Annual IEEE India Conference (INDICON) ◽

10.1109/indcon.2012.6420675 ◽

2012 ◽

Cited By ~ 5

Author(s):

Arkadeep Kundu ◽

Nirnay Ghosh ◽

Ishan Chokshi ◽

Soumya K Ghosh

Keyword(s):

Network Security ◽

Attack Graph

Download Full-text

An Attack Graph-Based Probabilistic Computing Approach of Network Security

Chinese Journal of Computers ◽

10.3724/sp.j.1016.2010.01987 ◽

2010 ◽

Vol 33 (10) ◽

pp. 1987-1996 ◽

Cited By ~ 9

Author(s):

Yun YE ◽

Xi-Shan XU ◽

Yan JIA ◽

Zhi-Chang QI

Keyword(s):

Network Security ◽

Attack Graph ◽

Computing Approach

Download Full-text