Network Attack Analysis and the Behaviour Engine

Author

Benham, A. ; Read, H. ; Sutherland, I.

Author_Institution

Univ. of Glamorgan, Pontypridd, UK

fYear

2013

fDate

25-28 March 2013

Firstpage

106

Lastpage

113

Abstract

Behaviour Engines allow the acquirement of tacit (implicit or none verbalists) knowledge by using an acquire-by-action workflow and provide a direct interaction platform between the domain expert and the evolving project code based on an intuitive justification-conclusion language, thus surpassing legacy policy engines by being a self developing and learning mechanism. This paper seeks to formulate the current state of the art in technology and processes and attempts to merge the application of ontological decision techniques of behaviour engines with network packet capture data, to detect data exfiltration attempts over covert channelling. The final goal of the research will be to develop a behaviour engine/intrusion detection solution for pre-emptive counter-measures to anomalous behaviour from within or without a network.

Keywords

computer network security; learning (artificial intelligence); acquire-by-action workflow; anomalous behaviour; behaviour engine; covert channelling; data exfiltration attempts; evolving project code; justification-conclusion language; learning mechanism; legacy policy engines; network attack analysis; network packet capture data; preemptive counter-measures; self developing mechanism; tacit knowledge; Computer networks; Electronic mail; Engines; Intrusion detection; Malware; Protocols; Behaviour Engines; Covert Channels; Data Exfiltration; Intrusion Detection/Prevention;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on

Conference_Location

Barcelona

ISSN

1550-445X

Print_ISBN

978-1-4673-5550-6

Electronic_ISBN

1550-445X

Type

conf

DOI

10.1109/AINA.2013.157

Filename

6531744