Using attack trees to identify malicious attacks from authorized insiders

Authors:
Indrajit Ray;Nayot Poolsapassit
Affiliations:
Colorado State University, Fort Collins, CO;Colorado State University, Fort Collins, CO
Venue:
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Year:
2005

Citing 5
Cited 10

A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
Scalable, graph-based network vulnerability analysis

Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy

Optimal security hardening using multi-objective optimization on attack tree models of networks

Proceedings of the 14th ACM conference on Computer and communications security
An Opinion Model for Evaluating Malicious Activities in Pervasive Computing Systems

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts

Computer Communications
Automatic Identification of Critical Data Items in a Database to Mitigate the Effects of Malicious Insiders

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Modeling and analyzing faults to improve election process robustness

EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Estimating accuracy of mobile-masquerader detection using worst-case and best-case scenario

ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Mitigation of malicious modifications by insiders in databases

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Decentralized semantic threat graphs

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Accepting the inevitable: factoring the user into home computer security

Proceedings of the third ACM conference on Data and application security and privacy
Attributed multi-objective comprehensive learning particle swarm optimization for optimal security of networks

Applied Soft Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

A major concern for computer systems security is the threat from malicious insiders who execute perfectly legitimate operations to compromise system security. Unfortunately, most currently available intrusion detection systems (which include anomaly and misuse detection systems) fail to address this problem in a comprehensive manner. In this work we propose a framework that uses an attack tree to identify malicious activities from authorized insiders. We develop algorithms to generate minimal forms of attack tree customized for each user such that it can be used efficiently to monitor the user's activities. If the user's activities progress sufficiently up along the branches of the attack tree towards the goal of system compromise, we generate an alarm. Our system is not intended to replace existing intrusion detection and prevention technology, but rather is intended to complement current and future technology.