DocumentCode :
1591888
Title :
Enlisting event patterns for cyber battlefield awareness
Author :
Perrochon, Louis ; Jang, Eunhei ; Kasriel, Stephane ; Luckham, David C.
Author_Institution :
Stanford Univ., CA, USA
Volume :
2
fYear :
2000
fDate :
6/22/1905 12:00:00 AM
Firstpage :
411
Abstract :
Cyber warfare consists to a large degree of reaction to activities happening in the information infrastructure. Better knowledge of the status of this infrastructure at any time allows more appropriate reactions. Context-based event correlation can provide a more appropriate view of the cyber battlefield by providing users a view on the desired level of abstraction. We informally introduce context as the temporal and causal relations between events. Event correlation based on event patterns in a declarative language means we specify what to detect, instead of how to detect. We describe the Stanford University context-based event correlator that is able to process events on-line, as they are generated. It can be reconfigured dynamically while it is running. On the example of intrusion detection, we show how Complex Event Processing (CEP) increases detection rate, reduces false alarms, and detects large-scale attack patterns at an early stage.
Keywords :
computer network management; security of data; supervisory programs; Stanford University context-based event correlator; context-based event correlation; cyber battlefield awareness; cyber warfare; declarative language; event patterns; information infrastructure; intrusion detection; large-scale attack patterns; Arm; Computer crime; Computer networks; Computer security; Data security; Ear; Event detection; IP networks; Intrusion detection; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Conference_Location :
Hilton Head, SC
Print_ISBN :
0-7695-0490-6
Type :
conf
DOI :
10.1109/DISCEX.2000.821538
Filename :
821538