Multi-stage coordinated attacks (MSCA) bring many challenges to security analysts because of their special temporal and spatial characteristics. This paper presents a two-sided model, Janus, to characterize and analyze the behavior of the attacker and the defender in MSCA. Their behavior is first formulated as a Multi-agent Partially Observable Markov Decision Process (MPO-MDP). An ANTS algorithm is then developed from the attacker's perspective to approximately search for attack schemes with the minimum cost, and a backward searching algorithm, APD-BS, is designed from the defender's standpoint to seek the pivots of attack schemes in order to effectively countermine them by removing the key observations associated with the system state estimates. Two case studies are conducted to show the application of our models and algorithms to practical scenarios, and some preliminary analyses are also given to validate their performance and advantages.