Attack Plan Recognition and Prediction Using Causal Networks. Qin, X., Lee, W., Xinzhou Qin, & Wenke Lee 20th Annual Computer Security Applications Conference, IEEE, 2004.
Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulted from low-level alert correlation? 2) How to identify attacker's high-level strategies and intentions? 3) How to predict the potential attacks based on observed attack activities? We evaluate our approaches using DARPA's grand challenge problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.
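@comment{
  Qin2004: ACSAC 2004 paper on probabilistic (Bayesian) correlation of
  low-level IDS alerts into attack scenarios, attacker-intent inference and
  next-step prediction; evaluated on the DARPA GCP data set.
  Cleaned relative to the auto-exported record: the venue is a conference
  proceedings, so the entry is @inproceedings with the venue in booktitle
  rather than @article/journal; the author list carried each author twice
  (once parsed, once as a braced literal) and now lists each once; the
  whole-title double braces that disabled style casing are dropped;
  publisher spelling normalised to IEEE. All identifiers (doi, isbn, issn,
  pages, url) are unchanged from the exported record.
}
@inproceedings{Qin2004,
  author     = {Qin, Xinzhou and Lee, Wenke},
  title      = {Attack Plan Recognition and Prediction Using Causal Networks},
  booktitle  = {20th Annual Computer Security Applications Conference},
  shorttitle = {Computer Security Applications Conference, 2004. 2},
  publisher  = {IEEE},
  year       = {2004},
  pages      = {370--379},
  doi        = {10.1109/CSAC.2004.7},
  isbn       = {0-7695-2252-1},
  issn       = {1063-9527},
  url        = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=1377244},
  keywords   = {Bayesian Network-based Security Analysis},
  abstract   = {Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulted from low-level alert correlation? 2) How to identify attacker's high-level strategies and intentions? 3) How to predict the potential attacks based on observed attack activities? We evaluate our approaches using DARPA's grand challenge problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.},
}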
{"_id":{"_str":"535ed25a97e559e8210004e3"},"__v":1,"authorIDs":[],"author_short":["Qin, X.","Lee, W.","Xinzhou Qin","Wenke Lee"],"bibbaseid":"qin-lee-xinzhouqin-wenkelee-attackplanrecognitionandpredictionusingcausalnetworks-2004","bibdata":{"bibtype":"article","type":"article","abstract":"Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulted from low-level alert correlation? 2) How to identify attacker's high-level strategies and intentions? 3) How to predict the potential attacks based on observed attack activities? We evaluate our approaches using DARPA's grand challenge problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.","author":[{"propositions":[],"lastnames":["Qin"],"firstnames":["Xinzhou"],"suffixes":[]},{"propositions":[],"lastnames":["Lee"],"firstnames":["Wenke"],"suffixes":[]},{"firstnames":[],"propositions":[],"lastnames":["Xinzhou Qin"],"suffixes":[]},{"firstnames":[],"propositions":[],"lastnames":["Wenke Lee"],"suffixes":[]}],"doi":"10.1109/CSAC.2004.7","isbn":"0-7695-2252-1","issn":"1063-9527","journal":"20th Annual Computer Security Applications Conference","keywords":"Bayesian Network-based Security Analysis","pages":"370--379","publisher":"Ieee","shorttitle":"Computer Security Applications Conference, 2004. 
2","title":"Attack Plan Recognition and Prediction Using Causal Networks","url":"http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=1377244","year":"2004","bibtex":"@article{Qin2004,\nabstract = {Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulted from low-level alert correlation? 2) How to identify attacker's high-level strategies and intentions? 3) How to predict the potential attacks based on observed attack activities? We evaluate our approaches using DARPA's grand challenge problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.},\nauthor = {Qin, Xinzhou and Lee, Wenke and {Xinzhou Qin} and {Wenke Lee}},\ndoi = {10.1109/CSAC.2004.7},\nisbn = {0-7695-2252-1},\nissn = {1063-9527},\njournal = {20th Annual Computer Security Applications Conference},\nkeywords = {Bayesian Network-based Security Analysis},\npages = {370--379},\npublisher = {Ieee},\nshorttitle = {Computer Security Applications Conference, 2004. 
2},\ntitle = {{Attack Plan Recognition and Prediction Using Causal Networks}},\nurl = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=1377244},\nyear = {2004}\n}\n","author_short":["Qin, X.","Lee, W.","Xinzhou Qin","Wenke Lee"],"key":"Qin2004","id":"Qin2004","bibbaseid":"qin-lee-xinzhouqin-wenkelee-attackplanrecognitionandpredictionusingcausalnetworks-2004","role":"author","urls":{"Paper":"http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=1377244"},"keyword":["Bayesian Network-based Security Analysis"],"downloads":0},"bibtype":"article","biburl":"https://dl.dropboxusercontent.com/u/14215034/bibs/bibs/A-List-bb.bib","downloads":0,"keywords":["bayesian network-based security analysis"],"search_terms":["attack","plan","recognition","prediction","using","causal","networks","qin","lee","xinzhou qin","wenke lee"],"title":"Attack Plan Recognition and Prediction Using Causal Networks","year":2004,"dataSources":["jGrSs2aYARmRcupKy"]}