Towards a requirements-driven framework for detecting malicious behavior against software systems

Authors:
Hamzeh Zawawy;Kostas Kontogiannis;John Mylopoulos;Serge Mankovskii
Affiliations:
University of Waterloo, Waterloo, Canada;Natl. Technical University of Athens, Athens, Greece;University of Toronto, Toronto, Canada;CA Labs, Markham, Canada
Venue:
Proceedings of the 2011 Conference of the Center for Advanced Studies on Collaborative Research
Year:
2011

Citing 14
Cited 0

Goal-directed requirements acquisition

6IWSSD Selected Papers of the Sixth International Workshop on Software Specification and Design
Handling Obstacles in Goal-Oriented Requirements Engineering

IEEE Transactions on Software Engineering - special section on current trends in exception handling—part II
Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Reasoning with Goal Models

ER '02 Proceedings of the 21st International Conference on Conceptual Modeling
Goal-directed elaboration of requirements for a meeting scheduler: problems and lessons learnt

RE '95 Proceedings of the Second IEEE International Symposium on Requirements Engineering
Elaborating Security Requirements by Construction of Intentional Anti-Models

Proceedings of the 26th International Conference on Software Engineering
Real-world learning with Markov logic networks

PKDD '04 Proceedings of the 8th European Conference on Principles and Practice of Knowledge Discovery in Databases
An automated approach to monitoring and diagnosing requirements

Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Event Modeling and Recognition Using Markov Logic Networks

ECCV '08 Proceedings of the 10th European Conference on Computer Vision: Part II
Intrusion detection alarms reduction using root cause analysis and clustering

Computer Communications
Muse: Mapping Understanding and deSign by Example

ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Monitoring and Diagnosing Malicious Attacks with Autonomic Software

ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
From goals to high-variability software design

ISMIS'08 Proceedings of the 17th international conference on Foundations of intelligent systems
Log filtering and interpretation for root cause analysis

ICSM '10 Proceedings of the 2010 IEEE International Conference on Software Maintenance

Quantified Score

Hi-index	0.00

Visualization

Abstract

Root cause determination for software failures that occurred due to intentional or unintentional third party activities is a difficult and challenging task. In this paper, we propose a new technique for identifying the root causes of system failures stemming from external interventions that is based first, on modeling the conditions by which a system delivers its functionality utilizing goal models, second on modeling the conditions by which system functionality can be compromised utilizing anti-goal models, third representing logged data as well as, goal and anti-goal models as rules and facts in a knowledge base and fourth, utilizing a probabilistic reasoning technique that is based on the use of Markov Logic Networks. The technique is evaluated in a medium size COTS based system and the DARPA 2000 Intrusion Detection data set.