Title :
Terrain and behavior modeling for projecting multistage cyber attacks
Author :
Fava, Daniel ; Holsopple, Jared ; Yang, Shanchieh Jay ; Argauer, Brian
Author_Institution :
Rochester Inst. of Technol., Rochester
Abstract :
Contributions from the information fusion community have enabled comprehensible traces of intrusion alerts occurring on computer networks. Traced or tracked cyber attacks are the bases for threat projection in this work. Due to its complexity, we separate threat projection into two sub-tasks: predicting likely next targets and predicting attacker behavior. A virtual cyber terrain is proposed for identifying likely targets. Overlaying traced alerts onto the cyber terrain reveals exposed vulnerabilities, services, and hosts. Meanwhile, a novel attempt to extract cyber attack behavior is discussed. Leveraging traditional work on prediction and compression, this work identities behavior patterns from traced cyber attack data. The extracted behavior patterns are expected to further refine projections deduced from the cyber terrain.
Keywords :
computer networks; security of data; computer networks; intrusion alerts; multistage cyber attacks; virtual cyber terrain; Bayesian methods; Computer networks; Computer security; Data mining; Filtering; Hidden Markov models; Intrusion detection; Monitoring; Reconnaissance; Target tracking; contextual reasoning; cyber security; prediction;
Conference_Titel :
Information Fusion, 2007 10th International Conference on
Conference_Location :
Quebec, Que.
Print_ISBN :
978-0-662-45804-3
Electronic_ISBN :
978-0-662-45804-3
DOI :
10.1109/ICIF.2007.4408131
