Abstract
An intrusion is a series of relevant actions that occur to a victim in some sequence through the Internet. In this paper, a serial episode mining is first applied to find all possible sophisticated Internet attacks, and then an episode pruning skill is applied to cut unnecessary ones to reduce administrator’s further effort. Input data, log files from a honeypot system, is regarded as a sequence of events, where each event has an associated time of occurrence. The method proposed in this paper can be used to detect abnormal Internet episodes including unknown attacks. Some experiments had been conducted to show the effectiveness of the proposed method.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
