International Journal of Scientific and Research Publications

IJSRP, Volume 2, Issue 9, September 2012 Edition [ISSN 2250-3153]

Augmented Analysis for Network Attack Discovery
S.Vishnuvardhan, S.Venkatramulu, G.Ranjith
Abstract: There is an increasing awareness of the growing influence of organized entities involved in today’s Internet attacks. However, there is no easy way to discriminate between, for example, the observed malicious activities of script kiddies and those of professional organizations. For some time the project has collected data on a worldwide scale amenable to such analysis. Previous publications have highlighted the usefulness of so-called attack clusters to provide some insight into the different tools used to attack Internet sites. In this paper, we introduce a new notion, namely cliques of clusters, as an automated knowledge discovery method. Clusters provide analysts with some refined information about how, and potentially by whom, attack tools are used. We provide some examples of the kind of information that they can provide. Our approach to the network attack pattern discovery problem is sketched in this section, and then presented in further detail in the later sections. It is assumed that on any target system, a packet sniffer tool captures all the raw network packets, and that the TCP/UDP headers and other relevant information from the data payloads are recorded in a log file stored locally.

S.Vishnuvardhan, S.Venkatramulu, G.Ranjith (2018); Augmented Analysis for Network Attack Discovery; Int J Sci Res Publ 2(9) (ISSN: 2250-3153).
