Janus: a two-sided analytical model for multi-stage coordinated attacks

Authors:
Zonghua Zhang;Pin-Han Ho;Xiaodong Lin;Hong Shen
Affiliations:
Department of Electrical and Computer Engineering, University of Waterloo, Ontario, Canada;Department of Electrical and Computer Engineering, University of Waterloo, Ontario, Canada;Department of Electrical and Computer Engineering, University of Waterloo, Ontario, Canada;Department of Computer and Mathematics, Manchester Metropolitan University, All Saints, Manchester, England
Venue:
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
Year:
2006

Citing 16
Cited 2

A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Structural Framework for Modeling Multi-Stage Network Attacks

ICPPW '02 Proceedings of the 2002 International Conference on Parallel Processing Workshops
Using Model Checking to Analyze Network Vulnerabilities

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A Trend Analysis of Exploitations

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A taxonomy of computer worms

Proceedings of the 2003 ACM workshop on Rapid malcode
Techniques and tools for analyzing intrusion alerts

ACM Transactions on Information and System Security (TISSEC)
Representation and analysis of coordinated attacks

Proceedings of the 2003 ACM workshop on Formal methods in security engineering
A Comprehensive Approach to Intrusion Detection Alert Correlation

IEEE Transactions on Dependable and Secure Computing
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)

Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
Incentive-based modeling and inference of attacker intent, objectives, and strategies

ACM Transactions on Information and System Security (TISSEC)
An Alert Fusion Framework for Situation Awareness of Coordinated Multistage Attacks

IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
Worm Propagation and Generic Attacks

IEEE Security and Privacy
Worm Origin Identification Using Random Moonwalks

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Constructing Multi-Layered Boundary to Defend Against Intrusive Anomalies: An Autonomic Detection Coordinator

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Ant system: optimization by a colony of cooperating agents

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

A model-based semi-quantitative approach for evaluating security of enterprise networks

Proceedings of the 2008 ACM symposium on Applied computing
Janus: A dual-purpose analytical model for understanding, characterizing and countermining multi-stage collusive attacks in enterprise networks

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

The multi-stage coordinated attack (MSCA) bring many challenges to the security analysts due to their special temporal an spacial characteristics. This paper presents a two-sided model, Janus, to characterize and analyze the the behavior of attacker and defender in MSCA. Their behavior is firstly formulated as Multi-agent Partially Observable Markov Decision Process (MPO-MDP), an ANTS algorithm is then developed from the perspective of attacker to approximately search attack schemes with the minimum cost, and another backward searching algorithm APD-BS is designed from the defender's standpoint to seek the pivots of attack schemes in order to effectively countermine them by removing those key observations associated with the system state estimates. Two case studies are conducted to show the application of our models and algorithms to practical scenarios, some preliminary analysis are also given to validate their performance and advantages.