Efforts toward automated detection and identification of multistep cyber attack scenarios would benefit significantly from a methodology and language for modeling such scenarios. The Correlated Attack Modeling Language (CAML) uses a modular approach, where a module represents an inference step and modules can be linked together to detect multistep scenarios. CAML is accompanied by a library of ...

Cyber attacks are becoming increasingly complex, especially when the target is a modern IT infrastructure, characterized by a layered architecture that integrates several security technologies such as firewalls and intrusion detection systems. These contexts can be violated by a multistep attack, that is a complex attack strategy that comprises multiple correlated intrusion activities. While a ...

A growing trend in the cybersecurity landscape is represented by multistep attacks that involve multiple correlated intrusion activities to reach the intended target. The duty of correlating security alerts and reconstructing complete attack scenarios is left to system administrators because current Network Intrusion Detection Systems (NIDS) are still oriented to generate alerts related to sing...

Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack gra...

Smallpox virus, which is among the most dangerous organisms that might be used by bioterrorists, is not widely available. The international black market trade in weapons of mass destruction is probably the only means of acquiring the virus. Thus, only a terrorist supported by the resources of a rogue state would be able to procure and deploy smallpox. An attack using the virus would involve rel...

The biggest difficulty of hidden Markov model applied to multistep attack is the determination of observations. Now the research of the determination of observations is still lacking, and it shows a certain degree of subjectivity. In this regard, we integrate the attack intentions and hidden Markov model (HMM) and support a method to forecasting multistep attack based on hidden Markov model. Fi...

ly, an attack graph is a collection of scenarios showing how a malicious agent can compromise the integrity of a target system. Such graphs are a natural application of the scenario graph formalism defined in Chapter 2. With a suitable model of the system, we can use the techniques developed in Part I to generate attack graphs automatically. In this context, correctness properties specify the n...

Unintentional attacks on watermarking schemes lead to degrade the watermarking channel, while intentional attacks try to access the watermarking channel. Therefore, watermarking schemes should be robust and secure against unintentional and intentional attacks respectively. Usual security attack on watermarking schemes is the Known Message Attack (KMA). Most popular watermarking scheme with stru...

Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...