Title :
A systematic approach to multi-stage network attack analysis
Author :
Dawkins, Jerald ; Hale, John
Author_Institution :
Tulsa Univ., OK, USA
Abstract :
Network security analysis must coordinate diverse sources of information to support effective security models. The modeling process must capture security-relevant information about targets and attackers. By capturing the trust relationships, vulnerabilities, and attacker capabilities, a security analyst can define and characterize complex, multistage attacks. Along with conducting systematic analyses on multistage attacks, the opportunity also exists to facilitate large-scale detection and visualization of security events by embedding modeling and analytical components within a more expansive security framework. We present a formalism and methodology for multistage network attack analysis. Applications to network security management, including a network vulnerability analyzer prototype, are also described.
Keywords :
computer network management; security of data; telecommunication security; multistage network attack analysis; network security analysis; network security management; network vulnerability analyzer prototype; security event detection; security event visualization; Data security; IP networks; Information analysis; Information security; Network servers; Network topology; Predictive models; Production; Prototypes; Visualization;
Conference_Title :
Information Assurance Workshop, 2004. Proceedings. Second IEEE International
Print_ISBN :
0-7695-2117-7
DOI :
10.1109/IWIA.2004.1288037