Understanding multistage attacks by attack-track based visualization of heterogeneous event streams
Proceedings of the 3rd international workshop on Visualization for computer security
Modeling of information system correlated events time dependencies
NOTERE '08 Proceedings of the 8th international conference on New technologies in distributed systems
A dynamic fusion approach for security situation assessment
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Computer network defence situational awareness information requirements
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Janus: a two-sided analytical model for multi-stage coordinated attacks
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
Hi-index | 0.00 |
Recent incidents in the cyber world strongly suggest that coordinated multistage cyber attacks are quite feasible and that effective countermeasures need to be developed. Attack detection by correlation and fusion of intrusion alerts has been an active area of current research. However, most of these research efforts focus on ex post facto analysis of alert data to uncover related attacks. In this paper, we present an approach for dynamically calculating ýScenario Credibilitiesý based on the state of a live intrusion alert stream. We also develop a framework for Attack Scenario representation that facilitates real-time fusion of intrusion alerts and calculation of the scenario credibility values. Our approach provides a usable mechanism for detecting, predicting and reasoning about multistage goal-oriented attacks in real time. The details of the fusion framework and a description of multistage attack detection using this framework are presented in this paper.