Title: Sequential pattern analysis for event-based intrusion detection

Authors: T.N. Nisha; Dhanya Pramod

Addresses: Symbiosis Centre for Information Technology (SCIT), Constituent of Symbiosis International (SIU) (Deemed University), SCIT Plot No. 15, Rajiv Gandhi Infotech Park, Phase – I, Symbiosis Infotech Campus, MIDC, Hinjewadi, Pune – 411057, India ' Symbiosis Centre for Information Technology (SCIT), Constituent of Symbiosis International (SIU) (Deemed University), SCIT Plot No. 15, Rajiv Gandhi Infotech Park, Phase – I, Symbiosis Infotech Campus, MIDC, Hinjewadi, Pune – 411057, India

Abstract: The events in information system framework ranges from a single mouse click or a single ping to highly heterogeneous network log files and are huge in size and unusual in nature. The events are sequential in nature and the sequence of events depicts the behaviour of the system. Due to this feature event analysis became a significant technique in anomaly detection in security. Sequential pattern analysis is a new area in event-based intrusion detection where the real time event sequences are analysed to see the abnormalities in a computer system. This paper modifies the generalised sequential patterns (GSP) algorithm to identify the highly repeating pattern in an event sequence. The paper then evaluates the algorithm performance by analysing the network event sequence that is created when any two nodes in a network communicates and identifies the pattern of different denial of service (DoS) and scanning attacks in a network.

Keywords: security events; event-based intrusion detection; sequential event patterns; sequential pattern analysis; generalised sequential patterns; GSP; attack event patterns.

DOI: 10.1504/IJICS.2019.101936

International Journal of Information and Computer Security, 2019 Vol.11 No.4/5, pp.476 - 492

Received: 27 Sep 2017
Accepted: 20 Sep 2018

Published online: 27 Aug 2019 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article