A systematic approach to multi-stage network attack analysis

Author

Dawkins, Jerald ; Hale, John

Author_Institution

Tulsa Univ., OK, USA

fYear

2004

fDate

8-9 April 2004

Firstpage

48

Lastpage

56

Abstract

Network security analysis must coordinate diverse sources of information to support effective security models. The modeling, process must capture security-relevant information about targets and attackers. By capturing the trust relationships, vulnerabilities, and attacker capabilities, a security analyst can define and characterize complex, multistage attacks. Along with conducting systematic analyses on multistage attacks, the opportunity also exists to facilitate large scale detection and visualization, of security events by embedding modeling and analytical components within a more expansive security framework. We present a formalism and methodology for multistage network attack analysis. Applications to network security management, including a network vulnerability analyzer prototype, are also described.

Keywords

computer network management; security of data; telecommunication security; multistage network attack analysis; network security analysis; network security management; network vulnerability analyzer prototype; security event detection; security event visualization; Data security; IP networks; Information analysis; Information security; Network servers; Network topology; Predictive models; Production; Prototypes; Visualization;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance Workshop, 2004. Proceedings. Second IEEE International

Print_ISBN

0-7695-2117-7

Type

conf

DOI

10.1109/IWIA.2004.1288037

Filename

1288037