• DocumentCode
    477035
  • Title

    Real-time fusion and Projection of network intrusion activity

  • Author

    Byers, Stephen R. ; Yang, Shanchieh J.

  • Author_Institution
    Dept. of Comput. Eng., Rochester Inst. of Technol., Rochester, NY
  • fYear
    2008
  • fDate
    June 30 2008-July 3 2008
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    Intrusion detection systems (IDS) warn of suspicious or malicious network activity and are a fundamental, yet passive, defense-in-depth layer for modern networks. Prior research has applied information fusion techniques to correlate the alerts of multiple IDSs and group those belonging to the same multi-stage attack into attack tracks. Projecting the next likely step in these tracks potentially enhances an analyst's situation awareness; however, the reliance on attack plans, complicated algorithms, or expert knowledge of the respective network is prohibitive and prone to obsolescence with the continual deployment of new technology and evolution of hacker tradecraft. This paper presents a real-time continually learning system capable of projecting attack tracks that does not require a priori knowledge about network architecture or rely on static attack templates. The intrusion projection system is framed as part of a larger information fusion and impact assessment architecture for cyber security.
  • Keywords
    computer crime; real-time systems; attack track projection; cyber security; hacker tradecraft; impact assessment architecture; information fusion techniques; intrusion detection systems; intrusion projection system; real-time continually learning system; VLMM; cyber fusion; intrusion projection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Fusion, 2008 11th International Conference on
  • Conference_Location
    Cologne
  • Print_ISBN
    978-3-8007-3092-6
  • Electronic_ISBN
    978-3-00-024883-2
  • Type

    conf

  • Filename
    4632424