Implementing consistency checking in correlating attacks

Authors:
Kaushal Sarda;Duminda Wijesekera;Sushil Jajodia
Affiliations:
Capgemini, Mumbai, India;The Center for Secure Information Systems, George Mason University, Fairfax, VA;The Center for Secure Information Systems, George Mason University, Fairfax, VA
Venue:
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
Year:
2004

Citing 3
Cited 0

Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Analyzing intensive intrusion alerts via correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Static analysis of attack sequences (a.k.a topological vulnerability analysis -TVA) studies sequences of attacks that can eventually lead to exploitable vulnerabilities in a network In models where the attacks are specified in terms of their preconditions and post conditions, the sequences that can be launched are those in which the post condition of the antecedent attack implies the precondition of the precedent attack We show a method of doing so, and show the drawbacks in omitting these checks in the CRIM [5]) model.