Abstract
Security risk assessment and prevention in ICT systems rely on the analysis of data on the joint behavior of the system and its (malicious) users. The Haruspex tool models intelligent, goal-oriented agents that reach their goals through attack sequences. Data is synthetically generated through a Monte Carlo method that runs multiple simulations of the attacks against the system. In this paper, we present a sequential pattern mining analysis of the database of attack sequences. The intended objective is twofold: (1) to exploit the extracted patterns for the design of attack counter-measures, and (2) for gaining a better understanding of the “degree of freedom” available for the attackers of a system. We formally motivate the need for using maximal sequential patterns, instead of frequent or closed sequential patterns, and report on the results on a specific case study.
Notes
1. A further problem is to extract a set of strategies that, in addition, are also specific to a threat agent because they are not (often) used by the other agents. In this sense, they define a signature of the threat agent.
© 2018 Springer International Publishing AG
D’Andreagiovanni, M., Baiardi, F., Lipilini, J., Ruggieri, S., Tonelli, F. (2018). Sequential Pattern Mining for ICT Risk Assessment and Prevention. In: Cerone, A., Roveri, M. (eds) Software Engineering and Formal Methods. SEFM 2017. Lecture Notes in Computer Science(), vol 10729. Springer, Cham. https://doi.org/10.1007/978-3-319-74781-1_2
DOI: https://doi.org/10.1007/978-3-319-74781-1_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74780-4
Online ISBN: 978-3-319-74781-1
eBook Packages: Computer Science; Computer Science (R0)