Authors: T.N. Nisha; Dhanya Pramod
Addresses: Symbiosis Centre for Information Technology (SCIT), Constituent of Symbiosis International (SIU) (Deemed University), SCIT Plot No. 15, Rajiv Gandhi Infotech Park, Phase – I, Symbiosis Infotech Campus, MIDC, Hinjewadi, Pune – 411057, India ' Symbiosis Centre for Information Technology (SCIT), Constituent of Symbiosis International (SIU) (Deemed University), SCIT Plot No. 15, Rajiv Gandhi Infotech Park, Phase – I, Symbiosis Infotech Campus, MIDC, Hinjewadi, Pune – 411057, India
Abstract: The events in information system framework ranges from a single mouse click or a single ping to highly heterogeneous network log files and are huge in size and unusual in nature. The events are sequential in nature and the sequence of events depicts the behaviour of the system. Due to this feature event analysis became a significant technique in anomaly detection in security. Sequential pattern analysis is a new area in event-based intrusion detection where the real time event sequences are analysed to see the abnormalities in a computer system. This paper modifies the generalised sequential patterns (GSP) algorithm to identify the highly repeating pattern in an event sequence. The paper then evaluates the algorithm performance by analysing the network event sequence that is created when any two nodes in a network communicates and identifies the pattern of different denial of service (DoS) and scanning attacks in a network.
Keywords: security events; event-based intrusion detection; sequential event patterns; sequential pattern analysis; generalised sequential patterns; GSP; attack event patterns.
International Journal of Information and Computer Security, 2019 Vol.11 No.4/5, pp.476 - 492
Received: 27 Sep 2017
Accepted: 20 Sep 2018
Published online: 27 Aug 2019 *