A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analyses of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Optimal security hardening using multi-objective optimization on attack tree models of networks
Proceedings of the 14th ACM conference on Computer and communications security
An Opinion Model for Evaluating Malicious Activities in Pervasive Computing Systems
Proceedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Modeling and analyzing faults to improve election process robustness
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Estimating accuracy of mobile-masquerader detection using worst-case and best-case scenario
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Mitigation of malicious modifications by insiders in databases
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Decentralized semantic threat graphs
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Accepting the inevitable: factoring the user into home computer security
Proceedings of the third ACM conference on Data and application security and privacy
A major concern for computer systems security is the threat from malicious insiders who execute perfectly legitimate operations to compromise system security. Unfortunately, most currently available intrusion detection systems (which include anomaly and misuse detection systems) fail to address this problem in a comprehensive manner. In this work we propose a framework that uses an attack tree to identify malicious activities from authorized insiders. We develop algorithms to generate minimal forms of attack tree customized for each user such that it can be used efficiently to monitor the user's activities. If the user's activities progress sufficiently up along the branches of the attack tree towards the goal of system compromise, we generate an alarm. Our system is not intended to replace existing intrusion detection and prevention technology, but rather is intended to complement current and future technology.