Intrusion diagnosis and prediction with expert system

Security and Communication Networks

Volumn 4, Issue 12, 2011, Pages 1483-1494

  Liu, Xuejiao ^a   Fang, Chengfang ^b   Xiao, Debao ^a  

^a HANGZHOU NORMAL UNIVERSITY   (China)

^b NATIONAL UNIVERSITY OF SINGAPORE   (Singapore)

Author keywords

Attack graph; Attack prediction; Certainty factor; Intrusion diagnosis

Indexed keywords

EXPERT SYSTEMS; FORECASTING; INTRUSION DETECTION; NETWORK SECURITY;

ATTACK GRAPH; ATTACK PREDICTION; CERTAINTY FACTORS; INTRUSION DETECTION SYSTEMS; NETWORK ADMINISTRATOR; NETWORK DIAGNOSIS; NETWORK STATUS; POTENTIAL ATTACK;

COMPUTER CRIME;

EID: 81855168291     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.293     Document Type: Article

References (40)

1. Ghosh SK, Bhattacharya S, Malhotra S. An attack graph based approach for threat identification of an enterprise network. Cyber-security and Global Information Assurance: Threat Analysis and Response Solutions 2009; pp. 23-45.
2. Noel S, Jajodia S, O'Berry B, Jacobs M. Efficient minimum-cost network hardening via exploit dependency graphs. In Proceedings of the 19nd Annual Computer Security Applications Conference, 2003; pp. 86-95.
3. Cordón O, del Jesus MJ, Herrera F. A proposal on reasoning methods in fuzzy rule-based classification systems. International Journal of Approximate Reasoning 1999; 20(1): 21-45.
4. Tung YH, Tseng SS, Weng JF, Lee TP, Liao AYH, Tsai WN. A rule-based cbr approach for expert finding and problem diagnosis. Expert Systems with Applications 2010; 37(3): 2427-2438.
5. Elsaesser C, Tanner MC. Automated diagnosis for computer forensics, 2001.
6. Strunk JD, Goodson GR, Pennington AG, Soules CAN, Ganger GR. Intrusion detection, diagnosis, and recovery with self-securing storage. School of Computer Science Carnegie Mellon University, PA, 2002; 15213.
7. Geib CW, Goldman RP. Plan recognition in intrusion detection systems. In DARPA Information Survivability Conference and Exposition, 2001; pp. 46-55.
8. Qin X, Lee W. Attack plan recognition and prediction using causal networks. In Proceedings of the 20nd Annual Computer Security Applications Conference, 2004; pp. 370-379.
9. Ingols K, Lippmann R, Piwowarski K. Practical attack graph generation for network defense. In Proceedings of the 22nd Annual Computer Security Applications Conference, 2006; pp. 121-130.
10. Ning P, Cui Y, Reeves DS, Xu D. Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security 2004; 7(2): 318.
11. Noel S, Jajodia S. Managing attack graph complexity through visual hierarchical aggregation. In Proceedings of ACM workshop on Visualization and Data Mining for Computer Security, 2004; pp. 109-118.
12. Noel S, Jajodia S. Optimal ids sensor placement and alert prioritization using attack graphs. Journal of Network and Systems Management 2008; 16(3): 259-275.
13. Ou X, Boyer WF, Mc Queen MA. A scalable approach to attack graph generation. In Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006; pp. 336-345.
14. Sheyner OM. Scenario graphs and attack graphs. PhD Thesis, 2004.
15. Watson I, Marir F. Case-based reasoning: a review. The Knowledge Engineering Review 2009; 9(04): 327-354.
16. Duffield N, Haffner P, Krishnamurthy B, Ringberg H. Rule-based anomaly detection on ip flows. In Proceedings of the 28th IEEE International Conference on Computer Communications, 2009; pp. 424-432.
17. Tongaonkar A, Vasudevan S, Sekar R. Fast packet classification for snort by native compilation of rules. In Proceedings of the 22nd Conference on Large Installation System Administration Conference, 2008; pp. 159-165.
18. Ishibuchi H, Yamamoto T. Rule weight specification in fuzzy rule-based classification systems. IEEE Transactions on Fuzzy Systems 2005; 13(4): 428-435.
19. Mansoori EG, Zolghadri MJ, Katebi SD. A weighting function for improving fuzzy classification systems performance. Fuzzy Sets and Systems 2007; 158(5): 583-591.
20. Buchanan BG, Shortliffe EH. Rule-based Expert Systems. Addison-Wesley: Reading, MA, 1984.
21. Heckerman DE, Shortliffe EH. From certainty factors to belief networks. Artificial Intelligence in Medicine 1992; 4(1): 35-52.
22. Klir GJ, Yuan B. Fuzzy Sets and Fuzzy Logic: Theory and Applications. Prentice Hall: Upper Saddle River, NJ, 1995.
23. Jackson P. Introduction to Expert Systems. Addison-Wesley Longman Publishing Co., Inc.: Boston, MA, USA, 1998.
24. CVSS. Common vulnerability scoring system.
25. Wang L, Islam T, Long T, Singhal A, Jajodia S. An attack graph-based probabilistic security metric. Data and Applications Security XXII, 2008; pp. 283-296.
26. Ammann P, Pamula J, Ritchey R, Street J. A host-based approach to network attack chaining analysis. In Proceedings of the 21th Annual Computer Security Applications Conference, 2005; pp. 72-84.
27. Hewett R, Kijsanayothin P. Host-centric model checking for network vulnerability analysis. In Proceedings of the 24th Annual Computer Security Applications Conference, 2008; pp. 225-234.
28. Ou X, Rajagopalan SR, Sakthivelmurugan S. An empirical approach to modeling uncertainty inintrusion analysis. In Proceedings of the 25th Annual Computer Security Applications Conference, 2009; pp. 494-503.
29. Xie AM, Cai Z, Tang C, Hu J, Chen Z. Evaluating network security with two-layer attack graphs. In Proceedings of the 25th Annual Computer Security Applications Conference, 2009; pp. 127-136.
30. Ammann P, Wijesekera D, Kaushik S. Scalable, graph-based network vulnerability analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002; pp. 217-224.
31. Phillips C, Swiler LP. A graph-based system for network-vulnerability analysis. In Proceedings of the 1998 workshop on New security paradigms, 1998; pp. 71-79.
32. Sawilla R, Ou X. Identifying critical attack assets in dependency attack graphs. In Proceedings of the 13th European Symposium on Research in Computer Security, 2008; pp. 18-34.
33. Jajodia S, Noel S. Topological vulnerability analysis: a powerful new approach for network attack prevention, detection, and response. Algorithms, Architectures and Information Systems Security, Statistical Science and Interdisciplinary Research - Vol. 3, 2009; 285-305.
34. Snort. An open source network intrusion system.
35. Qu W, Shirai K. Belief learning in certainty factor model and its application to text categorization. In Proceedings of the 2003 Joint Conference of the 4th International Conference on Information, Communications and Signal Processing, 2003 and the 4th Pacific Rim Conference on Multimedia, 2003; volume 2, pp. 1192-1196.
36. DAPRA. Dapra intrusion detection evaluation datasets 2000.
37. Alsubhi K, Al-Shaer E, Boutaba R. Alert prioritization in intrusion detection systems. In IEEE Network Operations and Management Symposium, 2008; pp. 33-40.
38. Ren H, Stakhanova N, Ghorbani A. An online adaptive approach to alert correlation. In Proceedings of the 7th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2010; pp. 153-172.
39. Wang L, Liu A, Jajodia S. Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Computer Communications, 2006; 29(15): 2917-2933.
40. Tcpdump File Replay Utility. Netpoke.