• DocumentCode
    1135259
  • Title

    Inference of Security Hazards from Event Composition Based on Incomplete or Uncertain Information

  • Author

    Wasserkrug, Segev ; Gal, Avigdor ; Etzion, Opher

  • Author_Institution
    IBM Haifa Research Lab., Technion Israel Inst. of Technol., Haifa
  • Volume
    20
  • Issue
    8
  • fYear
    2008
  • Firstpage
    1111
  • Lastpage
    1114
  • Abstract
    In many security-related contexts, a quick recognition of security hazards is required. Such recognition is challenging, since available information sources are often insufficient to infer the occurrence of hazards with certainty. This requires that the recognition of security hazards is carried out using inference based on patterns of occurrences distributed over space and time. The two main existing approaches to the inference of security hazards are a) custom-coded solutions, which are tailored to specific patterns, and cannot respond quickly to changes in the patterns of occurrences used for inference, and b) approaches based on direct statistical inferencing techniques, such as regression, which do not enable combining various kinds of evidence regarding the same hazard. In this work, we introduce a more generic formal framework which overcomes the aforementioned deficiencies, together with a case study illustrating the detection of DoS attacks.
  • Keywords
    inference mechanisms; security of data; statistical analysis; uncertainty handling; direct statistical inferencing technique; event composition; formal framework; incomplete information; security hazard; uncertain information; uncertainty handling; Decision support; Fuzzy and probabilistic reasoning; Network-level security and protection; Uncertainty;
  • fLanguage
    English
  • Journal_Title
    Knowledge and Data Engineering, IEEE Transactions on
  • Publisher
    IEEE
  • ISSN
    1041-4347
  • Type

    jour

  • DOI
    10.1109/TKDE.2008.74
  • Filename
    4492778