Title :
Situation Awareness of multistage cyber attacks by semantic event fusion
Author :
Mathew, Sunu ; Upadhyaya, Shambhu ; Sudit, Moises ; Stotz, Adam
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. at Buffalo, Buffalo, NY, USA
Date :
Oct. 31, 2010 - Nov. 3, 2010
Abstract :
In this paper, we present strategies for real-time situation awareness of multistage cyber attacks by utilizing heterogeneous sensor event streams. A flexible and practically usable attack modeling approach, based on network connectivity and attack progression semantics, is used to produce multistage attack templates. Events in live alert streams are correlated based on their semantics and the attack templates to provide analysts with effective perception, comprehension and projection of likely attacks and their progression. The techniques form the basis of the Event Correlation for Cyber Attack Recognition System (ECCARS), which is tested and validated extensively with realistic datasets.
Keywords :
computer network security; ECCARS; attack modeling approach; attack progression semantics; cyber attack recognition system; event correlation; heterogeneous sensor event streams; multistage attack templates; multistage cyber attacks; network connectivity; semantic event fusion; situation awareness; Correlation; Electronic mail; IP networks; Measurement; Open systems; Real time systems; Semantics
Conference_Title :
MILITARY COMMUNICATIONS CONFERENCE, 2010 - MILCOM 2010
Conference_Location :
San Jose, CA
Print_ISBN :
978-1-4244-8178-1
DOI :
10.1109/MILCOM.2010.5680121