Existing methods that use intrusion detection alerts to construct attack scenarios and recognize multi-step attack intent suffer from several shortcomings: they require complex correlation rules to be defined, they depend too heavily on expert knowledge, and they have difficulty discovering complete scenarios. To address this, an attack intent recognition technique based on sequential pattern mining of attack behavior is proposed. By analyzing the attack behavior sequences contained in intrusion alerts, the behavior patterns of multi-step attacks are mined; online alert pattern matching and alert correlation degree calculation are then performed to discover the attacker's intent and to predict the attacker's next attack step. Experimental results show that the method can effectively mine the multi-step attack behavior patterns of attackers and can effectively perform online attack intent recognition.
The large volume of security data makes it important to develop an advanced alert correlation system that can reduce alert redundancy, intelligently correlate security alerts and detect attack strategies. The existing methods of attack strategy recognition all have limited capabilities in detecting new and complete attack scenarios. The paper proposes a new method of recognizing attack plans by applying a new attack sequential pattern analysis technique to construct attack sequential pattern models from intrusion alert data offline. Then online alert sequential pattern matching and correlativity calculation are performed to recognize the real attack strategies of the attacker. Experiments show that the method can effectively recognize attack plans online and can accordingly predict the most likely next attack behavior.
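The two phases described in both abstracts, offline mining of sequential alert patterns and online prefix matching with a correlation score, as an added illustration in Python (example code, not the paper's own implementation). The alert sessions are constructed, and the confidence ratio used as the correlation score is an assumption standing in for the paper's unspecified correlativity measure.

```python
from collections import Counter
from itertools import combinations

# Constructed sample input: each list is one attacker session rebuilt from IDS
# alert types in chronological order (not real data, not from the paper).
SESSIONS = [
    ["port_scan", "ssh_brute_force", "priv_escalation", "data_exfil"],
    ["port_scan", "ssh_brute_force", "priv_escalation", "backdoor_install"],
    ["port_scan", "web_sqli", "priv_escalation", "data_exfil"],
    ["web_sqli", "priv_escalation", "data_exfil"],
    ["port_scan", "ssh_brute_force", "priv_escalation", "data_exfil"],
    ["port_scan", "ssh_brute_force", "priv_escalation"],  # session still ongoing
]


def mine_patterns(sessions, min_support=2, max_len=4):
    """Offline phase: count every ordered subsequence (gaps allowed) of length
    1..max_len once per session and keep those seen in >= min_support sessions.
    The result is the attack sequential pattern model."""
    support = Counter()
    for session in sessions:
        seen = set()  # count each pattern at most once per session
        for length in range(1, min(max_len, len(session)) + 1):
            for idx in combinations(range(len(session)), length):
                seen.add(tuple(session[i] for i in idx))
        support.update(seen)
    return {p: c for p, c in support.items() if c >= min_support}


def predict_next(observed, patterns):
    """Online phase: treat the alerts observed so far as a prefix of a mined
    pattern and score each candidate next step by confidence, i.e.
    support(prefix + next) / support(prefix). Confidence is the assumed
    correlation measure here. Returns [(next_alert, score), ...] best first."""
    observed = tuple(observed)
    base = patterns.get(observed)
    if base is None:  # prefix never seen often enough: nothing to predict
        return []
    scores = {}
    for pattern, count in patterns.items():
        if len(pattern) == len(observed) + 1 and pattern[:-1] == observed:
            scores[pattern[-1]] = round(count / base, 2)
    return sorted(scores.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    model = mine_patterns(SESSIONS)
    print(predict_next(["port_scan", "ssh_brute_force"], model))
```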