A structural framework for modeling multi-stage network attacks
ICPP Workshops(2002)
Abstract
Incidents such as Solar Sunrise and Nimda demonstrate the need to expressively model distributed and complex network attacks. To protect information systems, system administrators must be able to represent vulnerabilities in a way that lends itself to correlation, analysis, and prediction. State of the art intrusion detection and attack analysis systems struggle to effectively represent sophisticated attacks. Strategic models express exploits as goal-oriented attack trees. Attack trees represent adversarial behavior by connecting events in 'AND'-'OR' tree structures. However these structures need to be enhanced and expressed in a formal manner in order to adequately represent the complexity of recent cyber attacks. This paper provides a methodology for capturing the structure of various network vulnerabilities and multi-stage attacks. By extending the attack tree paradigm, we provide a context sensitive attack modeling framework that, through abstraction, supports incident correlation, analysis, and prediction.
MoreTranslated text
Key words
attack analysis systems,attack analysis systems struggle,intrusion detection,information systems,complex network attacks,solar sunrise,structural framework,goal-oriented attack trees,tree data structures,complex network attack,multi-stage network attack modeling,sophisticated attack,context sensitive attack modeling,computer networks,modeling multi-stage network attacks,incident correlation,goal-oriented attack tree,nimda,attack tree paradigm,multi-stage attack,attack tree,telecommunication security,recent cyber attack,cyber attacks,security of data,tree structure,predictive models,context modeling,complex network,goal orientation,information analysis,information system,network topology
AI Read Science
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined