Scalable detection of cyber attacks

Massimiliano Albanese*, Sushil Jajodia, Andrea Pugliese, V. S. Subrahmanian

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

14 Scopus citations

Abstract

Attackers can exploit vulnerabilities to incrementally penetrate a network and compromise critical systems. The enormous amount of raw security data available to analysts and the complex interdependencies among vulnerabilities make manual analysis extremely labor-intensive and error-prone. To address this important problem, we build on previous work on topological vulnerability analysis, and propose an automated framework to manage very large attack graphs and monitor high volumes of incoming alerts for the occurrence of known attack patterns in real-time. Specifically, we propose (i) a data structure that merges multiple attack graphs and enables concurrent monitoring of multiple types of attacks; (ii) an index structure that can effectively index millions of time-stamped alerts; (iii) a real-time algorithm that can process a continuous stream of alerts, update the index, and detect attack occurrences. We show that the proposed solution significantly improves the state of the art in cyber attack detection, enabling real-time attack detection.
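The abstract describes three pieces: a merged structure that lets one incoming alert be checked against every attack pattern at once, an index of partial matches over time-stamped alerts, and a streaming algorithm that advances those partial matches and reports completed attacks. The following is an added illustration written for this page, not the data structures or algorithm from the paper itself. It assumes a deliberately simplified model: an alert is a (timestamp, host, alert type) tuple, an attack pattern is an ordered chain of alert types that must all occur on the same host within a time window, and patterns are merged into one dictionary keyed by alert type. The sample alert stream is constructed for the example.

```python
"""
Streaming attack-pattern matcher over a time-stamped alert stream.
Added example for this page; NOT the index structure or algorithm of the
Albanese et al. paper, only a minimal sketch of the problem it describes.
Hypothetical assumptions: alerts are (ts, host, type) tuples; a pattern is
a chain of alert types on the same host within `window` seconds; each step
type appears at most once per pattern.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

Alert = Tuple[int, str, str]  # (timestamp in seconds, host, alert type)


@dataclass
class Pattern:
    name: str
    steps: List[str]  # ordered alert types, e.g. ["portscan", "exploit", "privesc"]
    window: int       # max seconds between the first and last step


class StreamingDetector:
    def __init__(self, patterns: List[Pattern]):
        self.patterns = patterns
        # Merged structure: alert type -> [(pattern index, step index)].
        # One lookup per alert finds every pattern and position it can advance,
        # so all patterns are monitored concurrently.
        self.merged: Dict[str, List[Tuple[int, int]]] = defaultdict(list)
        for p_idx, p in enumerate(patterns):
            for s_idx, step in enumerate(p.steps):
                self.merged[step].append((p_idx, s_idx))
        # Index of partial matches: (pattern idx, step idx reached, host)
        # -> list of (start timestamp, alerts matched so far).
        self.partial: Dict[Tuple[int, int, str], List[Tuple[int, List[Alert]]]] = defaultdict(list)
        self.detections: List[Tuple[str, str, List[Alert]]] = []

    def _evict(self, now: int) -> None:
        """Drop partial matches whose window has expired; keeps the index bounded."""
        for key in list(self.partial):
            window = self.patterns[key[0]].window
            kept = [m for m in self.partial[key] if now - m[0] <= window]
            if kept:
                self.partial[key] = kept
            else:
                del self.partial[key]

    def process(self, alert: Alert) -> List[Tuple[str, str, List[Alert]]]:
        """Consume one alert, update the index, return any attacks completed by it."""
        ts, host, atype = alert
        self._evict(ts)
        completed = []
        # Later steps first, so one alert never both creates and extends a match.
        for p_idx, s_idx in sorted(self.merged.get(atype, []), key=lambda x: -x[1]):
            pat = self.patterns[p_idx]
            if s_idx == 0:
                self.partial[(p_idx, 0, host)].append((ts, [alert]))
                continue
            # Extend every partial match that reached the previous step on this host.
            for start_ts, trail in self.partial.get((p_idx, s_idx - 1, host), []):
                if ts - start_ts > pat.window:
                    continue
                extended = (start_ts, trail + [alert])
                if s_idx == len(pat.steps) - 1:
                    completed.append((pat.name, host, extended[1]))
                else:
                    self.partial[(p_idx, s_idx, host)].append(extended)
        self.detections.extend(completed)
        return completed


# Hypothetical patterns for the example.
PATTERNS = [
    Pattern("scan-exploit-privesc", ["portscan", "exploit", "privesc"], window=600),
    Pattern("bruteforce-login", ["ssh_bruteforce", "ssh_login_success"], window=300),
]

# Constructed sample stream (not real data). Comments give the expected outcome.
SAMPLE_ALERTS: List[Alert] = [
    (0,   "10.0.0.5", "portscan"),
    (30,  "10.0.0.5", "ssh_bruteforce"),
    (120, "10.0.0.5", "exploit"),
    (400, "10.0.0.5", "ssh_login_success"),  # 370 s after bruteforce: outside 300 s window
    (500, "10.0.0.7", "privesc"),            # different host: does not complete the chain
    (550, "10.0.0.5", "privesc"),            # completes scan->exploit->privesc on 10.0.0.5
    (700, "10.0.0.5", "privesc"),            # 700 s after the scan: outside 600 s window
]


def run(alerts: List[Alert] = SAMPLE_ALERTS, patterns: List[Pattern] = PATTERNS):
    det = StreamingDetector(patterns)
    for a in alerts:
        det.process(a)
    return det.detections


if __name__ == "__main__":
    for name, host, trail in run():
        print(name, host, [t for t, _, _ in trail])
```

On the sample stream only the three-step chain on 10.0.0.5 fires; the brute-force pattern and the privesc on the other host are correctly rejected by the window and host checks. Each completed chain is reported once per distinct alert sequence, so a second privesc inside the window would produce a second detection; collapsing those into one incident is a policy choice left out here.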

Original language: English (US)
Title of host publication: Computer Information Systems - Analysis and Technologies - 10th International Conference, CISIM 2011, Proceedings
Pages: 9-18
Number of pages: 10
DOIs
State: Published - 2011
Externally published: Yes
Event: 10th International Conference on Computer Information Systems and Industrial Management Applications, CISIM 2011 - Kolkata, India
Duration: Dec 14 2011 - Dec 16 2011

Publication series

Name: Communications in Computer and Information Science
Volume: 245 CCIS
ISSN (Print): 1865-0929

Conference

Conference: 10th International Conference on Computer Information Systems and Industrial Management Applications, CISIM 2011
Country/Territory: India
City: Kolkata
Period: 12/14/11 - 12/16/11

Funding

This material is based upon work supported by the Army Research Office under MURI grant W911NF-09-1-0525 and DURIP grant W911NF-11-1-0340.

Keywords

  • Attack graphs
  • attack detection
  • scalability

ASJC Scopus subject areas

  • General Computer Science
  • General Mathematics
