High level information fusion for tracking and projection of multistage cyber attacks

Authors:
Shanchieh J. Yang;Adam Stotz;Jared Holsopple;Moises Sudit;Michael Kuhl
Affiliations:
Department of Computer Engineering, Rochester Institute of Technology, 83 Lomb Memorial Dr., Rochester, NY 14623, USA;Information Fusion Division, Calspan-UB Research Center, 4455 Genesee Street, Buffalo, NY 14225, USA;Information Fusion Division, Calspan-UB Research Center, 4455 Genesee Street, Buffalo, NY 14225, USA;Department of Industrial and Systems Engineering, University at Buffalo, 438 Bell Hall, Buffalo, NY 14260-2050, USA;Department of Industrial and Systems Engineering, Rochester Institute of Technology, 83 Lomb Memorial Dr., Rochester, NY 14623, USA
Venue:
Information Fusion
Year:
2009

Citing 14
Cited 2

A shortest augmenting path algorithm for dense and sparse linear assignment problems

Computing
A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
Intrusion detection systems and multisensor data fusion

Communications of the ACM
Bayesian Networks and Decision Graphs

Bayesian Networks and Decision Graphs
Constructing attack scenarios through correlation of intrusion alerts

Proceedings of the 9th ACM conference on Computer and communications security
Probabilistic Alert Correlation

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Generalized OWA Aggregation Operators

Fuzzy Optimization and Decision Making
Techniques and tools for analyzing intrusion alerts

ACM Transactions on Information and System Security (TISSEC)
A Comprehensive Approach to Intrusion Detection Alert Correlation

IEEE Transactions on Dependable and Secure Computing
Attack Plan Recognition and Prediction Using Causal Networks

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Alert Correlation through Triggering Events and Common Resources

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Evaluating threat assessment for multi-stage cyber attacks

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Hierarchical aggregation functions generated from belief structures

IEEE Transactions on Fuzzy Systems

A vulnerability attack graph generation method based on scripts

ICICA'12 Proceedings of the Third international conference on Information Computing and Applications
Risk-Based models of attacker behavior in cybersecurity

SBP'13 Proceedings of the 6th international conference on Social Computing, Behavioral-Cultural Modeling and Prediction

Quantified Score

Hi-index	0.00

Visualization

Abstract

The use of computer networks has become a necessity for government, industry, and personal businesses. Protection and defense against cyber attacks on computer networks, however, are becoming inadequate as attackers become more sophisticated and as the networks and systems become more complex. Drawing analogies from other application domains, this paper introduces information fusion to provide situation awareness and threat prediction from massive volumes of sensed data. An in-depth discussion is provided to define fusion tasks for cyber defense. A novel cyber fusion system is proposed to address specifically the tracking and projection of multistage attacks. Critical assessments of the developed attack tracking and threat projection sub-components are provided with simulation results. This pioneering work elaborates the benefits, limitations, and future challenges of high level information fusion for cyber security.