Title :
Network Attack Analysis and the Behaviour Engine
Author :
Benham, A. ; Read, H. ; Sutherland, I.
Author_Institution :
Univ. of Glamorgan, Pontypridd, UK
Abstract :
Behaviour Engines allow the acquirement of tacit (implicit or none verbalists) knowledge by using an acquire-by-action workflow and provide a direct interaction platform between the domain expert and the evolving project code based on an intuitive justification-conclusion language, thus surpassing legacy policy engines by being a self developing and learning mechanism. This paper seeks to formulate the current state of the art in technology and processes and attempts to merge the application of ontological decision techniques of behaviour engines with network packet capture data, to detect data exfiltration attempts over covert channelling. The final goal of the research will be to develop a behaviour engine/intrusion detection solution for pre-emptive counter-measures to anomalous behaviour from within or without a network.
Keywords :
computer network security; learning (artificial intelligence); acquire-by-action workflow; anomalous behaviour; behaviour engine; covert channelling; data exfiltration attempts; evolving project code; justification-conclusion language; learning mechanism; legacy policy engines; network attack analysis; network packet capture data; preemptive counter-measures; self developing mechanism; tacit knowledge; Computer networks; Electronic mail; Engines; Intrusion detection; Malware; Protocols; Behaviour Engines; Covert Channels; Data Exfiltration; Intrusion Detection/Prevention;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-1-4673-5550-6
Electronic_ISBN :
1550-445X
DOI :
10.1109/AINA.2013.157
