Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulting from low-level alert correlation? 2) How to identify an attacker's high-level strategies and intentions? 3) How to predict potential attacks based on observed attack activities? We evaluate our approach using DARPA's Grand Challenge Problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.