Situation Awareness of multistage cyber attacks by semantic event fusion

Proceedings - IEEE Military Communications Conference MILCOM

Volumn , Issue , 2010, Pages 1286-1291

  Mathew, Sunu ^a   Upadhyaya, Shambhu ^a   Sudit, Moises ^a   Stotz, Adam ^b  

^a University at Buffalo ^*  (United States)

^b CUBRC   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CYBER-ATTACKS; DATA SETS; EVENT CORRELATION; EVENT STREAMS; HETEROGENEOUS SENSORS; MODELING APPROACH; MULTI-STAGE ATTACK; NETWORK CONNECTIVITY; RECOGNITION SYSTEMS; SEMANTIC EVENT; SITUATION AWARENESS;

CRIME; MILITARY COMMUNICATIONS; SECURITY OF DATA; SEMANTICS;

COMPUTER CRIME;

EID: 79951657380     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/MILCOM.2010.5680121     Document Type: Conference Paper

References (17)

1. S. Cheung, U. Lindqvist, and M. Fong. Modeling multistep cyber attacks for scenario recognition. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX III), pages 284-292, Washington, DC, USA, 2003.
2. F. Cuppens. Managing Alerts in a Multi-Intrusion Detection Environment. In ACSAC '01: Proceedings of the 17th Annual Computer Security Applications Conference, page 22, Washington, DC, USA, 2001.
3. F. Cuppens and R. Ortalo. LAMBDA: A Language to Model a Database for Detection of Attacks. In Proceedings of Recent Advances in Intrusion Detection, pages 197-216, Toulose, France, 2000.
4. O. Dain and R. Cunningham. Fusing a Heterogeneous Alert Stream into Scenarios. In Proceedings of the ACM Workshop on Data Mining for Security Applications, pages 1-13, Philadelphia, PA, USA, 2001.
5. S. Eckmann, G. Vigna, and R. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71-104, 2002.
6. M. R. Endsley. Situation Awareness Global Assessment Technique (SAGAT). In Proceedings of the National Aerospace and Electronics Conference (NAECON), pages 789-795, 1988.
7. J. Haines, D. Ryder, L. Tinnel, and S. Taylor. Validation of Sensor Alert Correlators. IEEE Security and Privacy, 2003.
8. S. Jajodia, P. Liu, V. Swarup, and C. Wang. Cyber Situational Awareness. Advances in Information Security, Springer, 2010.
9. K. Julisch. Clustering Intrusion Detection Alarms to support Root Cause Analysis. ACM Transactions on Information and System Security, 6(4):443-471, 2003.
10. S. Manganaris, M. Christensen, D. Zerkle, and K. Hermiz. A Data Mining Analysis of RTID Alarms. Computer Networks, 34:571-577, 2000.
11. S. Mathew, D. Britt, R. Giomundo, S. J. Upadhyaya, M. Sudit, and A. Stotz. Real-time Multistage Attack Awareness through Enhanced Intrusion Alert Clustering. In Proceedings of the Military Communications Conference (IEEE MILCOM), volume 3, pages 1801-1806, Atlantic City, NJ, USA, 2005.
12. P. Ning, Y. Cui, D. Reeves, and D. Xu. Techniques and Tools for Analyzing Intrusion Alerts. ACM Transactions on Information and System Security (TISSEC), 7(2):274-318, 2004.
13. P. Ning and D. Xu. Hypothesizing and reasoning about attacks missed by intrusion detection systems. ACM Transactions on Information and System Security (TISSEC), 7(4):591-627, 2004. (Pubitemid 40302700)
14. The Stakkato incident aka Case 216: http://www.nsc.liu.se/ nixon/stakkato.pdf.
15. S. Staniford, J. Hoagland, and J. McAlerney. Practical Automated Detection of Stealthy Portscans. Journal of Computer Security, 10(1/2):105-136, 2002. (Pubitemid 34531414)
16. R. Stapleton-Gray and S. Gorton. Rendering the Elephant: Characterizing Sensitive Networks for an Uncleared Audience. In Proceedings of the IEEE International Information Assurance Workshop, pages 208-214, West Point, NY, USA, 2006.
17. S. Templeton and K. Levitt. A Requires/Provides Model for Computer Attacks. In NSPW '00 - Proceedings of the 2000 Workshop on New Security Paradigms, pages 31-38, Ballycotton, County Cork, Ireland, 2000.