Attack plan recognition and prediction using causal networks

ACSAC '04: Proceedings of the 20th Annual Computer Security Applications Conference (2004)

Abstract
Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulting from low-level alert correlation? 2) How to identify the attacker's high-level strategies and intentions? 3) How to predict potential attacks based on observed attack activities? We evaluate our approaches using DARPA's grand challenge problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.
Keywords
probabilistic inference, attack scenario analysis, intrusion detection, security management, security alert correlation, inference mechanisms, isolated attack scenario, attack scenario, correlation theory, low-level alert correlation, attack plan recognition, future attack, attack strategy, alert correlation, grand challenge problem, potential attack, causal networks, observed attack activity, security of data, scenario analysis