DocumentCode
477035
Title
Real-time fusion and Projection of network intrusion activity
Author
Byers, Stephen R. ; Yang, Shanchieh J.
Author_Institution
Dept. of Comput. Eng., Rochester Inst. of Technol., Rochester, NY
fYear
2008
fDate
June 30 2008-July 3 2008
Firstpage
1
Lastpage
8
Abstract
Intrusion detection systems (IDS) warn of suspicious or malicious network activity and are a fundamental, yet passive, defense-in-depth layer for modern networks. Prior research has applied information fusion techniques to correlate the alerts of multiple IDSs and group those belonging to the same multi-stage attack into attack tracks. Projecting the next likely step in these tracks potentially enhances an analystpsilas situation awareness; however, the reliance on attack plans, complicated algorithms, or expert knowledge of the respective network is prohibitive and prone to obsolescence with the continual deployment of new technology and evolution of hacker tradecraft. This paper presents a real-time continually learning system capable of projecting attack tracks that does not require a priori knowledge about network architecture or rely on static attack templates. The intrusion projection system is framed as part of a larger information fusion and impact assessment architecture for cyber security.
Keywords
computer crime; real-time systems; attack track projection; cyber security; hacker tradecraft; impact assessment architecture; information fusion techniques; intrusion detection systems; intrusion projection system; real-time continually learning system; VLMM; cyber fusion; intrusion projection;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Fusion, 2008 11th International Conference on
Conference_Location
Cologne
Print_ISBN
978-3-8007-3092-6
Electronic_ISBN
978-3-00-024883-2
Type
conf
Filename
4632424
Link To Document