Towards a requirements-driven framework for detecting malicious behavior against software systems

Root cause determination for software failures that occurred due to intentional or unintentional third party activities is a difficult and challenging task. In this paper, we propose a new technique for identifying the root causes of system failures stemming from external interventions that is based first, on modeling the conditions by which a system delivers its functionality utilizing goal models, second on modeling the conditions by which system functionality can be compromised utilizing anti-goal models, third representing logged data as well as, goal and anti-goal models as rules and facts in a knowledge base and fourth, utilizing a probabilistic reasoning technique that is based on the use of Markov Logic Networks. The technique is evaluated in a medium size COTS based system and the DARPA 2000 Intrusion Detection data set. Copyright c © 2011 Hamzeh Zawawy, Kostas Kontogiannis, John Mylopoulos and Serge Mankovskii. Permission to copy is hereby granted provided the original copyright notice is reproduced in copies made.