From Monitoring Templates to Security Monitoring and Threat Detection

“…The process of defining analysis goals may require domain knowledge and skill in building and analysing models. However, the process can be partially or fully automated by following the pattern-based approach proposed of [11]. [11] uses the Formal Template Language [19], [13] to represent patterns of EC models together with their associated security monitoring goals.…”

“…However, the process can be partially or fully automated by following the pattern-based approach proposed of [11]. [11] uses the Formal Template Language [19], [13] to represent patterns of EC models together with their associated security monitoring goals. [11] defines templates of such goals that are of the security violation type, but patterns of suspicious goals can also be defined if we know in advance what can arouse suspicion.…”

“…The approach presented here emerges from its preceding work on threat detection [11]. [11] uses an EC model of requirements and planning to find threats at run-time.…”

“…[11] uses an EC model of requirements and planning to find threats at run-time. In [11], however, the goals used to detect threats are more rigid than the ones used here; they say with absolute certainty whether there is an attack or not when the goal is satisfied. In the approach presented here, there is no certainty of attack if a suspicious goal is satisfied, the plans that reach the goal just give us threats (possible attacks).…”

“…It would be possible to incorporate our approach based on suspicion as a strategy in looking for threats at run-time. Then, the probabilistic component of such a system (like the one of [11]) would try to assign a probability to the computed threats. Here we use suspicion to look for threats in requirements to avoid systems with security vulnerabilities.…”

Suspicion-Driven Formal Analysis of Security Requirements

“…The process of defining analysis goals may require domain knowledge and skill in building and analysing models. However, the process can be partially or fully automated by following the pattern-based approach proposed of [11]. [11] uses the Formal Template Language [19], [13] to represent patterns of EC models together with their associated security monitoring goals.…”

“…However, the process can be partially or fully automated by following the pattern-based approach proposed of [11]. [11] uses the Formal Template Language [19], [13] to represent patterns of EC models together with their associated security monitoring goals. [11] defines templates of such goals that are of the security violation type, but patterns of suspicious goals can also be defined if we know in advance what can arouse suspicion.…”

“…The approach presented here emerges from its preceding work on threat detection [11]. [11] uses an EC model of requirements and planning to find threats at run-time.…”

“…[11] uses an EC model of requirements and planning to find threats at run-time. In [11], however, the goals used to detect threats are more rigid than the ones used here; they say with absolute certainty whether there is an attack or not when the goal is satisfied. In the approach presented here, there is no certainty of attack if a suspicious goal is satisfied, the plans that reach the goal just give us threats (possible attacks).…”

“…It would be possible to incorporate our approach based on suspicion as a strategy in looking for threats at run-time. Then, the probabilistic component of such a system (like the one of [11]) would try to assign a probability to the computed threats. Here we use suspicion to look for threats in requirements to avoid systems with security vulnerabilities.…”

Suspicion-Driven Formal Analysis of Security Requirements

Data-Driven and Artificial Intelligence (AI) Approach for Modelling and Analyzing Healthcare Security Practice: A Systematic Review

Logical Inference Framework for Security Management in Geographical Information Systems