Attack Plan Recognition and Prediction Using Causal Networks. Qin, X., Lee, W., Xinzhou Qin, & Wenke Lee 20th Annual Computer Security Applications Conference, Ieee, 2004.
Attack Plan Recognition and Prediction Using Causal Networks [link]Paper  doi  abstract   bibtex   
Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulted from low-level alert correlation? 2) How to identify attacker's high-level strategies and intentions? 3) How to predict the potential attacks based on observed attack activities? We evaluate our approaches using DARPA's grand challenge problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.
@article{Qin2004,
abstract = {Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulted from low-level alert correlation? 2) How to identify attacker's high-level strategies and intentions? 3) How to predict the potential attacks based on observed attack activities? We evaluate our approaches using DARPA's grand challenge problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.},
author = {Qin, Xinzhou and Lee, Wenke and {Xinzhou Qin} and {Wenke Lee}},
doi = {10.1109/CSAC.2004.7},
isbn = {0-7695-2252-1},
issn = {1063-9527},
journal = {20th Annual Computer Security Applications Conference},
keywords = {Bayesian Network-based Security Analysis},
pages = {370--379},
publisher = {Ieee},
shorttitle = {Computer Security Applications Conference, 2004. 2},
title = {{Attack Plan Recognition and Prediction Using Causal Networks}},
url = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=1377244},
year = {2004}
}

Downloads: 0