DocumentCode :
2142299
Title :
Intrusion activity projection for cyber situational awareness
Author :
Yang, Shanchieh J. ; Byers, Stephen ; Holsopple, Jared ; Argauer, Brian ; Fava, Daniel
Author_Institution :
Dept. of Comput. Eng., Rochester Inst. of Technol., Rochester, NY
fYear :
2008
fDate :
17-20 June 2008
Firstpage :
167
Lastpage :
172
Abstract :
Previous works in the area of network security have emphasized the creation of intrusion detection systems (IDSs) to flag malicious network traffic and computer usage. Raw IDS data may be correlated and form attack tracks, each of which consists of ordered collections of alerts belonging to a single multi-stage attack. Assessing an attack track in its early stage may reveal the attacker's capability and behavior trends, leading to projections of future intrusion activities. Behavior trends are captured via variable length Markov models (VLMM) without predetermined attack plans. A virtual terrain schema is developed to model network and system configurations, and used to estimate critical elements and vulnerabilities exposed to each attacker given his/her progress. Experimental results show promises for these proactive measures in ensuring continuous and critical cyber operations.
Keywords :
Markov processes; security of data; attack tracks; cyber situational awareness; intrusion activity projection; malicious network traffic; raw IDS data; single multistage attack; variable length Markov models; Artificial intelligence; Computer security; Data security; IP networks; Information analysis; Information security; Internet; Intrusion detection; Telecommunication traffic; Uniform resource locators;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Intelligence and Security Informatics, 2008. ISI 2008. IEEE International Conference on
Conference_Location :
Taipei
Print_ISBN :
978-1-4244-2414-6
Electronic_ISBN :
978-1-4244-2415-3
Type :
conf
DOI :
10.1109/ISI.2008.4565048
Filename :
4565048