Modeling Multistep Cyber Attacks for Scenario Recognition
Authors
Abstract
Efforts toward automated detection and identification of multistep cyber attack scenarios would benefit significantly from a methodology and language for modeling such scenarios. The Correlated Attack Modeling Language (CAML) uses a modular approach, where a module represents an inference step and modules can be linked together to detect multistep scenarios. CAML is accompanied by a library of predicates, which functions as a vocabulary to describe the properties of system states and events. The concept of attack patterns is introduced to facilitate reuse of generic modules in the attack modeling process. CAML is used in a prototype implementation of a scenario recognition engine that consumes first-level security alerts in real time and produces reports that identify multistep attack scenarios discovered in the alert stream.
Related sources
Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning
In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. A security analyst is in charge of observing the online operations of a corporate network (e.g., an online retail company with an external webserver and an internal fileserver) from threats of random or organized cyber-attacks. The current work describes a cognitive Instance-based Learning (IBL...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
An Effective Attack-Resilient Kalman Filter-Based Approach for Dynamic State Estimation of Synchronous Machine
Kalman filtering has been widely considered for dynamic state estimation in smart grids. Despite its unique merits, the Kalman Filter (KF)-based dynamic state estimation can be undesirably influenced by cyber adversarial attacks that can potentially be launched against the communication links in the Cyber-Physical System (CPS). To enhance the security of KF-based state estimation, in this paper...
Cyber-Attack Detection: Modelling the Effects of Similarity and Scenarios
Cyber attacks, the disruption of normal functioning of computers in a network due to malicious events (threats), are becoming widespread. The role of security analysts, who are tasked with protecting networks by accurately and timely detecting cyber attacks, is becoming important. However, currently little is known on how certain cognitive and environmental factors might influence the analyst’s...
Defending Cyber Terrorism - A Game Theoretic Modeling Approach
In this work we attempt to develop a game theoretic model that can indicate the nuances of strategic investments in the face of possible cyber terrorist attacks. First, we briefly review the literature on terrorism. Second, we identify the "cyber" factors in terrorism, and how this new mode of attack alters the general scenario. Then, beginning with a naïve counter terrorism model, we increment...