TANDI: threat assessment of network data and information

Holsopple, Jared; Yang, Shanchieh Jay; Sudit, Moises

doi:10.1117/12.665288

Cited by 16 publications

(13 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…attack intentions). Contextual information from IDS logs is also used as an input in several studies using a variety of tools for that purpose [14] [15]. The work presented at this section is an extension of our work presented in [16] where both the model and the resulting algorithm are formalised.…”

Section: Attack Detection Using Evolving Adversarial Behaviour In Cybmentioning

confidence: 91%

The DarkWeb: Cyber-Security Intelligence Gathering Opportunities, Risks and Rewards

Epiphaniou

French

Maple

2014

CIT

View full text Add to dashboard Cite

We offer a partial articulation of the threats and opportunities posed by the so-called Dark Web (DW). We go on to propose a novel DW attack detection and prediction model. Signalling aspects are considered wherein the DW is seen to comprise a low cost signaling environment. This holds inherent dangers as well as rewards for investigators as well as those with criminal intent. Suspected DW perpetrators typically act entirely in their own self-interest (e.g. illicit financial gain, terrorism, propagation of extremist views, extreme forms of racism, pornography, and politics; so-called 'radicalisation'). DW investigators therefore need to be suitably risk aware such that the construction of a credible legally admissible, robust evidence trail does not expose investigators to undue operational or legal risk.

show abstract

Section: Attack Detection Using Evolving Adversarial Behaviour In Cybmentioning

confidence: 91%

The DarkWeb: Cyber-Security Intelligence Gathering Opportunities, Risks and Rewards

Epiphaniou

French

Maple

2014

CIT

View full text Add to dashboard Cite

show abstract

“…INFERD efficiently correlates IDS alerts to identify individual multistage attacks [12] and provides situational measures of the identified attacks [19]. TANDI fuses information extracted from each attack track estimates, to determine threatened entities and to differentiate them by assigning threat scores [20]. This section illustrates the two fusion engines, starting by providing an overview of the integrated system architecture.…”

Section: High Level Information Fusion Assisted Cyber Defensementioning

confidence: 99%

“…Section 3 illustrates a proposed high level fusion based cyber defense system, that aims at providing situation, threat and impact assessment of cyber attacks. The system is based upon our work on INformation Fusion Engine for Real-time Decision-making (INFERD) [12,19] and Threat Assessment for Network Data and Information (TANDI) [20,21]. An inside look of INFERD and TANDI, in how they track and project cyber attack actions, is also provided in Section 3.…”

Section: Introductionmentioning

confidence: 99%

High level information fusion for tracking and projection of multistage cyber attacks

et al. 2009

Self Cite

View full text Add to dashboard Cite

“…The most common approach to develop cyber SA uses an enemy viewpoint approach [16]. In this approach, an Analyst attempts to predict how vulnerabilities can be exploited by the enemy, usually through a database of an enemy's preferences and capabilities [17][18] or an attack graph [19][20][21][22][23][24][25][26][27][28][29][30].…”

Section: Literature Reviewmentioning

confidence: 99%

Cyber-Argus: Modeling C2 Impacts of Cyber Attacks

Barreto¹,

Costa²,

Hieb³

2014

View full text Add to dashboard Cite

Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number.

show abstract

TANDI: threat assessment of network data and information

Cited by 16 publications

References 11 publications

The DarkWeb: Cyber-Security Intelligence Gathering Opportunities, Risks and Rewards

The DarkWeb: Cyber-Security Intelligence Gathering Opportunities, Risks and Rewards

High level information fusion for tracking and projection of multistage cyber attacks

Cyber-Argus: Modeling C2 Impacts of Cyber Attacks

Contact Info

Product

Resources

About