Title: ATTACK CORRELATION AND PREDICTION SYSTEM BASED ON POSSIBILISTIC NETWORKS
Author(s): Farah Jemili, Montaceur Zaghdoud, Mohamed Ben Ahmed
ISBN: 978-972-8924-56-0
Editors: Nuno Guimarães and Pedro Isaías
Year: 2008
Edition: Single
Keywords: Attack, correlation, prediction, possibilistic networks.
Type: Full Paper
First Page: 125
Last Page: 132
Language: English
Paper Abstract:
Correlating security alerts and discovering attack strategies are important and challenging tasks for security analysts.
Recently, there have been several proposals of attack plans recognition. Most of the proposed approaches focus on the
aggregation and analysis of raw security alerts, and build basic or low level attack scenarios. However, in security
context, we cannot always observe all of the attackers' activities, and often can only detect incomplete attack steps due to
the limitation or deployment of security sensors. Therefore, the attack plan recognition system should have the capability
of dealing with partial order and unobserved activities. In this paper we propose an approach based on possibilistic
reasoning to correlate attack scenarios and identify their relationship. Based on the correlation results, we further apply
inference to recognize the attack plans and predict upcoming attacks. The main advantage of the use of possibilistic
networks in our work is that they can handle directly imprecise, i.e. set-valued, information.