An Alert Fusion Framework for Situation Awareness of Coordinated Multistage Attacks

Mathew, Sunu; Shah, Chintan; Upadhyaya, Shambhu

doi:10.1109/iwia.2005.3

Cited by 20 publications

(15 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This will end up with uncertainty reduction in threat pattern identification and increasing understanding of the system. In figure 8, three phases of recognition, identification, representation and real-time processing of complex event in an advanced cyber threat recognition and identification system are shown [9,11]. …”

Section: Complex Event Processing Based On Data Fusionmentioning

confidence: 99%

“…In this kind of fusion which is the high level of fusion, decision composition is done by multiple fault independent classifiers (with the same identification problem). Also, decision fusion using multiple individual attributes which reflect different features of a threat and are gained by different sensors from different cyber space or by different agents in cyber defense systems, improve the identification accuracy of a single classifier [11,13].…”

Section: Evidential Fusion For Improvement Of Cyber Threat Pattern Rementioning

confidence: 99%

See 1 more Smart Citation

Multi-level Fusion To Improve Threat Pattern Recognition In Cyber Defense

Rashidi¹,

Ahmadi²,

Jafari³

2014

J. Math. Computer Sci.

View full text Add to dashboard Cite

Considering fast growth of internet and related network infrastructures, it is important to detect the intrusion and respond to it in a timely manner. Network intrusion can make vital information systems and communication networks inaccessible and imposes high cost of communication infrastructures. In order to gain high degrees of success in providing services, current and future generation of networking and internet technologies, require a set of tools to analyze the network and to detect the threats and intrusion in network. Due to main weakness in terms of high rate of false alarms and low accuracy of detection, by which cyber space detection and identification systems are opposed, fusion theory in decision level provides a new method for data analysis from multiple nodes in order to increase the possibility of intrusion detection through improving pattern recognition. This paper aims to present a novel method of fusion in decision level based on complex event processing and show how this method would be successful in exposing cyber threats for timely response.

show abstract

Section: Complex Event Processing Based On Data Fusionmentioning

confidence: 99%

Section: Evidential Fusion For Improvement Of Cyber Threat Pattern Rementioning

confidence: 99%

Multi-level Fusion To Improve Threat Pattern Recognition In Cyber Defense

Rashidi¹,

Ahmadi²,

Jafari³

2014

J. Math. Computer Sci.

View full text Add to dashboard Cite

show abstract

“…Attack Graphs have been shown to have quadratic complexity with exploit based representations under reasonable assumptions [1]. This exploit based representation has been used in [6], [13], [11] and others, but practical implementation is still problematic. Exhuastive enumeration of all possible exploits for different platforms is required and one needs to have all possible combinations of exploits represented in the graph; something that may not be feasible as this information requires experimental evaluation in many cases.…”

Section: Introductionmentioning

confidence: 99%

Understanding multistage attacks by attack-track based visualization of heterogeneous event streams

Mathew

Giomundo

Upadhyaya

et al. 2006

Proceedings of the 3rd International Workshop on Visualization for Computer Security

Self Cite

View full text Add to dashboard Cite

In this paper, we present a method of handling the visualization of hetereogeneous event traffic that is generated by intrusion detection sensors, log files and other event sources on a computer network from the point of view of detecting multistage attack paths that are of importance. We perform aggregation and correlation of these events based on their semantic content to generate Attack Tracks that are displayed to the analyst in real-time. Our tool, called the Event Correlation for Cyber-Attack Recognition System (EC-CARS) enables the analyst to distinguish and separate an evolving multistage attack from the thousands of events generated on a network. We focus here on presenting the environment and framework for multistage attack detection using ECCARS along with screenshots that demonstrate its capabilities.

show abstract

“…Several schemes have been proposed for Intrusion Detection System (IDS) alert correlation including a framework for real-time attack scenario detection by ¡ Research supported in part by Alion Science and Technology subcontract F30602-03-C-0245 from ARDA and AFRL programs the authors in [2]. The primary (and often, the only) source of alerts in most networks is the open source sensor Snort [11].…”

Section: Introductionmentioning

confidence: 99%

“…This provides the analyst with the necessary information to be able to take time-critical decisions without being overwhelmed by the volume of alerts. This alert categorization method is incorporated into the alert fusion system presented by the authors in [2]. We demonstrate the utility of the approach in enhancing the output of the fusion engine and in providing improved Situation Awareness by testing with actual multistage attack scenarios.…”

Section: Introductionmentioning

confidence: 99%