Janus: A dual-purpose analytical model for understanding, characterizing and countermining multi-stage collusive attacks in enterprise networks

  • Authors: Zonghua Zhang; Pin-Han Ho

  • Affiliations: NICT, Japan; University of Waterloo, Canada

  • Venue: Journal of Network and Computer Applications
  • Year: 2009


Abstract

Multi-stage collusive attack (MSCA) covers a large class of attack variants and commonly refers to an attack that consists of several atomic attack stages and is carried out by a number of coordinated attack parties. The rich history of the development of countermeasures for specific MSCAs, e.g., DDoS and worms, has shown that it is their special spatio-temporal characteristics that make the prevention, detection and response of MSCA challenging. Instead of focusing on fine-grained analysis of specific attacks, this paper presents a model from a high-level viewpoint, aiming at characterizing the behaviors of MSCA in terms of key spatio-temporal properties, for better understanding and more effective design of countermeasures. The model is specifically developed for two purposes. First, it sheds light on the fundamental elements of an MSCA by examining its spatio-temporal observations and formulating attacker behavior as a reward-directed Markov decision process. Second, it assists the security administrator in identifying the potential causal relationships among system vulnerabilities based on the reports of deployed security tools, so as to suggest appropriate actions. Taking the model as a basis, two meta-heuristic algorithms are designed. Specifically, attackers' nondeterministic trail search (ANTS) is developed for approximately searching for attack schemes with the minimum attack cost, and attacker's pivots discovery via backward searching (APD-BS) is designed for examining the pivots of attack schemes, namely the key observations associated with system state transitions during an attack. Finally, a proof-of-concept validation is conducted using a simulated enterprise network under DDoS attack, which is a typical MSCA variant.