A stochastic model for intrusions

Authors:
Robert P. Goldman
Affiliations:
Smart Information Flow Technologies, LLC, Minneapolis, MN
Venue:
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Year:
2002

Citing 11
Cited 3

Real-time reasoning: the monitoring and control of spacecraft systems

Proceedings of the sixth conference on Artificial intelligence applications
The frame problem in situation the calculus: a simple solution (sometimes) and a completeness result for goal regression

Artificial intelligence and mathematical theory of computation
Intelligence without robots: a reply to Brooks

AI Magazine
ConGolog, a concurrent programming language based on the situation calculus

Artificial Intelligence
A requires/provides model for computer attacks

Proceedings of the 2000 workshop on New security paradigms
Incremental execution of guarded theories

ACM Transactions on Computational Logic (TOCL) - Special issue devoted to Robert A. Kowalski
Open World Planning in the Situation Calculus

Proceedings of the Seventeenth National Conference on Artificial Intelligence and Twelfth Conference on Innovative Applications of Artificial Intelligence
Decision-Theoretic, High-Level Agent Programming in the Situation Calculus

Proceedings of the Seventeenth National Conference on Artificial Intelligence and Twelfth Conference on Innovative Applications of Artificial Intelligence
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
On-line execution of cc-Golog plans

IJCAI'01 Proceedings of the 17th international joint conference on Artificial intelligence - Volume 1

Towards Modelling Information Security with Key-Challenge Petri Nets

NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
PAID: packet analysis for anomaly intrusion detection

PAKDD'08 Proceedings of the 12th Pacific-Asia conference on Advances in knowledge discovery and data mining
Analyzing vulnerabilities and measuring security level at design and exploitation stages of computer network life cycle

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe a computer network attack model with two novel features: it uses a very flexible action representation, the situation calculus and goal-directed procedure invocation to simulate intelligent, reactive attackers. Using the situation calculus, our simulator can project the results actions with complex preconditions and context-dependent effects. We have extended the Golog situation calculus programming with goal-directed procedure invocation. With goal-directed invocation one can express attacker plans like "first attain root privilege on a host trusted by the target, and then exploit the trust relationship to escalate privilege on the target." Our simulated attackers choose among methods that can achieve goals, and react to failures appropriately, by persistence, choosing alternate means of goal achievement, and/or abandoning goals. We have designed a stochastic attack simulator and built enough of its components to simulate goal-directed attack on a network.