State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach
Proceedings of the 2001 workshop on New security paradigms
Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Simple, state-based approaches to program-based anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Secure Computers and Networks: Analysis, Design, and Implementation
Secure Computers and Networks: Analysis, Design, and Implementation
QoS-Centric Stateful Resource Management in Information Systems
Information Systems Frontiers
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
Learning Program Behavior Profiles for Intrusion Detection
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
A data mining approach for database intrusion detection
Proceedings of the 2004 ACM symposium on Applied computing
Detecting malicious software by monitoring anomalous windows registry accesses
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Probabilistic techniques for intrusion detection based on computer audit data
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
| Hi-index | 0.00 |
Existing techniques for cyber attack detection rely mainly on activity data from computers and networks. Little consideration has been given to other kinds of data in the cause-effect chains of attacks. Adding state and performance data may reveal elements on computers and networks that are affected by a cyber attack, thus providing a more accurate, complete picture of an attack. This paper presents a System-Fault-Risk framework that defines elements involved in the cause-effect chain of an attack. The SFR framework combines system and fault modeling, and risk assessment methods. It is employed to analyze known cyber attacks and derive profiles that define activity, state and performance data in cause-effect chains, features of those data, and characteristics of those features that enable attack detection. The profiles derived from specific attacks are generalized and compared with those reported in other studies to illustrate a set of novel data, features and characteristics.