DocumentCode :
2274626
Title :
Attack plan recognition and prediction using causal networks
Author :
Qin, Xinzhou ; Lee, Wenke
Author_Institution :
Georgia Inst. of Technol., Atlanta, GA, USA
fYear :
2004
fDate :
6-10 Dec. 2004
Firstpage :
370
Lastpage :
379
Abstract :
Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulting from low-level alert correlation? 2) How to identify the attacker's high-level strategies and intentions? 3) How to predict potential attacks based on observed attack activities? We evaluate our approach using DARPA's grand challenge problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.
Keywords :
correlation theory; inference mechanisms; security of data; attack plan recognition; causal networks; grand challenge problem; intrusion detection; probabilistic inference; security alert correlation; security management; Algorithm design and analysis; Artificial intelligence; Character recognition; Clustering algorithms; Computer security; Data security; Intrusion detection; Libraries; Sensor systems; Technology management; Intrusion detection; alert correlation; attack scenario analysis; security management;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2004. 20th Annual
ISSN :
1063-9527
Print_ISBN :
0-7695-2252-1
Type :
conf
DOI :
10.1109/CSAC.2004.7
Filename :
1377244