Incidents such as Solar Sunrise and Nimda demonstrate the need to expressively model distributed and complex network attacks. To protect information systems, system administrators must be able to represent vulnerabilities in a way that lends itself to correlation, analysis, and prediction. State-of-the-art intrusion detection and attack analysis systems struggle to effectively represent sophisticated attacks. Strategic models express exploits as goal-oriented attack trees. Attack trees represent adversarial behavior by connecting events in 'AND'-'OR' tree structures. However, these structures need to be enhanced and expressed in a formal manner in order to adequately represent the complexity of recent cyber attacks. This paper provides a methodology for capturing the structure of various network vulnerabilities and multi-stage attacks. By extending the attack tree paradigm, we provide a context-sensitive attack modeling framework that, through abstraction, supports incident correlation, analysis, and prediction.