A requires/provides model for computer attacks

Authors:
Steven J. Templeton;Karl Levitt
Affiliations:
Dept. of Computer Science, University of California, Davis;Dept. of Computer Science, University of California, Davis
Venue:
Proceedings of the 2000 workshop on New security paradigms
Year:
2001

Citing 6
Cited 73

Practical Unix and Internet security (2nd ed.)

Practical Unix and Internet security (2nd ed.)
Tripwire: a case study in integrity monitoring

Internet besieged
NetSTAT: A Network-Based Intrusion Detection Approach

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Execution monitoring of security-critical programs in distributed systems: a Specification-based approach

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Network security via reverse engineering of TCP code: vulnerability analysis and proposed solutions

IEEE Network: The Magazine of Global Internetworking

Natural language processing for information assurance and security: an overview and implementations

Proceedings of the 2000 workshop on New security paradigms
Ontology in information security: a useful theoretical foundation and methodological tool

Proceedings of the 2001 workshop on New security paradigms
Scalable, graph-based network vulnerability analysis

Proceedings of the 9th ACM conference on Computer and communications security
Constructing attack scenarios through correlation of intrusion alerts

Proceedings of the 9th ACM conference on Computer and communications security
Learning attack strategies from intrusion alerts

Proceedings of the 10th ACM conference on Computer and communications security
Techniques and tools for analyzing intrusion alerts

ACM Transactions on Information and System Security (TISSEC)
Managing attack graph complexity through visual hierarchical aggregation

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A Comprehensive Approach to Intrusion Detection Alert Correlation

IEEE Transactions on Dependable and Secure Computing
Hypothesizing and reasoning about attacks missed by intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits

Proceedings of the 12th ACM conference on Computer and communications security
Principles-driven forensic analysis

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
A framework for establishing, assessing, and managing trust in inter-organizational relationships

Proceedings of the 3rd ACM workshop on Secure web services
Modeling network intrusion detection alerts for correlation

ACM Transactions on Information and System Security (TISSEC)
Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net

Computer Networks: The International Journal of Computer and Telecommunications Networking
Attack profiles to derive data observations, features, and characteristics of cyber attacks

Information-Knowledge-Systems Management
MulVAL: a logic-based network security analyzer

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An Approach to Model Network Exploitations Using Exploitation Graphs

Simulation
Large-scale collection and sanitization of network security data: risks and challenges

NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Forensic analysis of logs: Modeling and verification

Knowledge-Based Systems
Information Assurance: Dependability and Security in Networked Systems

Information Assurance: Dependability and Security in Networked Systems
BotHunter: detecting malware infection through IDS-driven dialog correlation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Two alternatives for handling preferences in qualitative choice logic

Fuzzy Sets and Systems
An OVAL-based active vulnerability assessment system for enterprise computer networks

Information Systems Frontiers
Case-oriented alert correlation

WSEAS Transactions on Computers
Real-Time Alert Correlation with Type Graphs

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Alert correlation survey: framework and techniques

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients

Proceedings of the 2009 ACM symposium on Applied Computing
Attacking the BitLocker Boot Process

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
A Scalable Approach to Full Attack Graphs Generation

ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
A Method for Estimation of the Success Probability of an Intrusion Process by Considering the Temporal Aspects of the Attacker Behavior

Transactions on Computational Science IV
Reducing false positives in anomaly detectors through fuzzy alert aggregation

Information Fusion
A logic-based model to support alert correlation in intrusion detection

Information Fusion
Processing intrusion detection alert aggregates with time series modeling

Information Fusion
A Formal Approach for the Forensic Analysis of Logs

Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
Formal Technique for Discovering Complex Attacks in Computer Systems

Proceedings of the 2007 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the sixth SoMeT_07
Real-time alert correlation using stream data mining techniques

IAAI'08 Proceedings of the 20th national conference on Innovative applications of artificial intelligence - Volume 3
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts

Computer Communications
Towards Modelling Information Security with Key-Challenge Petri Nets

NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Alert correlation by a retrospective method

ICOIN'09 Proceedings of the 23rd international conference on Information Networking
Evaluating MAPSec by marking attack graphs

Wireless Networks
Analyzing intensive intrusion alerts via correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A stochastic model for intrusions

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Towards identifying true threat from network security data

PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Mining attack correlation scenarios based on multi-agent system

Proceedings of the 2007 conference on Human interface: Part I
On the use of different statistical tests for alert correlation: short paper

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Application of the pagerank algorithm to alarm graphs

ICICS'07 Proceedings of the 9th international conference on Information and communications security
Algebra for capability based attack correlation

WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Malware characterization through alert pattern discovery

LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
EVA: a framework for network analysis and risk assessment

LISA'09 Proceedings of the 23rd conference on Large installation system administration
Attack scenario recognition through heterogeneous event stream analysis

MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Validating and restoring defense in depth using attack graphs

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
The attackers' potential influence on the tactical assessments produced by standard alert correlation systems

NPSEC'05 Proceedings of the First international conference on Secure network protocols
Remodeling vulnerability information

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs

Computer Networks: The International Journal of Computer and Telecommunications Networking
Modeling active cyber attack for network vulnerability assessment

ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
Requirements of information reductions for cooperating intrusion detection agents

ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Integrating IDS alert correlation and OS-Level dependency tracking

ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Supporting vulnerability awareness in autonomic networks and systems with OVAL

Proceedings of the 7th International Conference on Network and Services Management
Rule-based topological vulnerability analysis

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Analyzing vulnerabilities and measuring security level at design and exploitation stages of computer network life cycle

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A planner-based approach to generate and analyze minimal attack graph

Applied Intelligence
An efficient forensic evidence collection scheme of host infringement at the occurrence time

ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
Toward hybrid attack dependency graphs

Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Multi-layer episode filtering for the multi-step attack detection

Computer Communications
Analyzing multiple logs for forensic evidence

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Alert correlation using artificial immune recognition system

International Journal of Bio-Inspired Computation
A systematic process-model-based approach for synthesizing attacks and evaluating them

EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
E-NIPS: an event-based network intrusion prediction system

ISC'07 Proceedings of the 10th international conference on Information Security
Limitation of honeypot/honeynet databases to enhance alert correlation

MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Multi-stage attack detection algorithm based on hidden markov model

WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Survey A model-based survey of alert correlation techniques

Computer Networks: The International Journal of Computer and Telecommunications Networking
A stochastic model of attack process for the evaluation of security metrics

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.01

A requires/provides model for computer attacks

Quantified Score

Visualization

Abstract