To secure today's computer systems, it is critical to have different intrusion detection sensors embedded in them. The complexity of distributed computer systems makes it difficult to determine the appropriate configuration of these detectors, i.e., their choice and placement. In this paper, we describe a method to evaluate the effect of the detector configuration on the accuracy and precision of determining security goals in the system. For this, we develop a Bayesian network model for the distributed system, from an attack graph representation of multi-stage attacks in the system. We use Bayesian inference to solve the problem of determining the likelihood that an attack goal has been achieved, given a certain set of detector alerts. We quantify the overall detection performance in the system for different detector settings, namely, choice and placement of the detectors, their quality, and levels of uncertainty of adversarial behavior. These observations lead us to a greedy algorithm for determining the optimal detector settings in a large-scale distributed system. We present the results of experiments on Bayesian networks representing two real distributed systems and real attacks on them.