Attacks against computer network: formal grammar-based framework and simulation tool

Authors:
Vladimir Gorodetski;Igor Kotenko
Affiliations:
St. Petersburg Institute for Informatics and Automation, St. Petersburg, Russia;St. Petersburg Institute for Informatics and Automation, St. Petersburg, Russia
Venue:
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Year:
2002

Citing 14
Cited 11

State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
Computer crime: a crimefighter's handbook

Computer crime: a crimefighter's handbook
Intrusion-detection for incident-response, using a military battlefield-intelligence process

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
The theory of parsing, translation, and compiling

The theory of parsing, translation, and compiling
A Software Platform for Testing Intrusion Detection Systems

IEEE Software
Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Network Security Modeling and Cyber Attack Simulation Methodology

ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Software Development Kit for Multi-agent Systems Design and Implementation

CEEMAS '01 Revised Papers from the Second International Workshop of Central and Eastern Europe on Multi-Agent Systems: From Theory to Practice in Multi-Agent Systems
ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection

IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
NetSTAT: A Network-Based Intrusion Detection Approach

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
How to Systematically Classify Computer Security Intrusions

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Software vulnerability analysis

Software vulnerability analysis
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Towards flexible teamwork

Journal of Artificial Intelligence Research

A model of the behavior of network objects in distributed computer systems

Programming and Computing Software
Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients

Proceedings of the 2009 ACM symposium on Applied Computing
Agent-based modeling and simulation of network softbots' competition

Proceedings of the 2006 conference on Knowledge-Based Software Engineering: Proceedings of the Seventh Joint Conference on Knowledge-Based Software Engineering
A knowledge-based approach to network security: applying Cyc in the domain of network risk assessment

IAAI'05 Proceedings of the 17th conference on Innovative applications of artificial intelligence - Volume 3
Teamwork of hackers-agents: modeling and simulation of coordinated distributed attacks on computer networks

CEEMAS'03 Proceedings of the 3rd Central and Eastern European conference on Multi-agent systems
On competing agents consistent with expert knowledge

AIS-ADM'07 Proceedings of the 2nd international conference on Autonomous intelligent systems: agents and data mining
Effective discovery of intrusion protection strategies

AIS-ADM 2005 Proceedings of the 2005 international conference on Autonomous Intelligent Systems: agents and Data Mining
Analyzing vulnerabilities and measuring security level at design and exploitation stages of computer network life cycle

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Behavior-based model of detection and prevention of intrusions in computer networks

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Language games for meaning negotiation between human and computer agents

ESAW'05 Proceedings of the 6th international conference on Engineering Societies in the Agents World
Systematic engineering of control protocols for covert channels

CMS'12 Proceedings of the 13th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The paper presents an approach and formal framework for modeling attacks against computer network and its software implementation on the basis of a multi-agent architecture. The model of an attack is considered as a complex process of contest of adversary entities those are malefactor or team of malefactors, on the one hand, and network security system implementing a security policy, on the other hand. The paper focuses on the conceptual justification of the chosen approach, specification of the basic components composing attack model, formal frameworks for specification of the above components and their interaction in simulation procedure. The peculiarities of the developed approach are the followings: (1) malefactor's intention-centric attack modeling; (2) multi-level attack specification; (3) ontology-based distributed attack model structuring; (4) attributed stochastic LL(2) context-free grammar for formal specification of attack scenarios and its components ("simple attacks"); (5) using operation of formal grammar substitution for specification of multi-level structure of attacks; (6) state machine-based formal grammar framework implementation; (7) on-line generation of the malefactor's activity resulting from the reaction of the attacked network security system.