Abstract
Attackers can exploit vulnerabilities to incrementally penetrate a network and compromise critical systems. The enormous amount of raw security data available to analysts and the complex interdependencies among vulnerabilities make manual analysis extremely labor-intensive and error-prone. To address this important problem, we build on previous work on topological vulnerability analysis and propose an automated framework to manage very large attack graphs and monitor high volumes of incoming alerts for the occurrence of known attack patterns in real time. Specifically, we propose (i) a data structure that merges multiple attack graphs and enables concurrent monitoring of multiple types of attacks; (ii) an index structure that can effectively index millions of time-stamped alerts; and (iii) a real-time algorithm that can process a continuous stream of alerts, update the index, and detect attack occurrences. We show that the proposed solution significantly improves on the state of the art in cyber attack detection and enables detection in real time.
Original language | English (US) |
---|---|
Title of host publication | Computer Information Systems - Analysis and Technologies - 10th International Conference, CISIM 2011, Proceedings |
Pages | 9-18 |
Number of pages | 10 |
DOIs | |
State | Published - 2011 |
Externally published | Yes |
Event | 10th International Conference on Computer Information Systems and Industrial Management Applications, CISIM 2011 - Kolkata, India |
Duration | Dec 14 2011 → Dec 16 2011 |
Publication series
Name | Communications in Computer and Information Science |
---|---|
Volume | 245 CCIS |
ISSN (Print) | 1865-0929 |
Conference
Conference | 10th International Conference on Computer Information Systems and Industrial Management Applications, CISIM 2011 |
---|---|
Country/Territory | India |
City | Kolkata |
Period | 12/14/11 → 12/16/11 |
Funding
This material is based upon work supported by the Army Research Office under MURI grant W911NF-09-1-0525 and DURIP grant W911NF-11-1-0340.
Keywords
- Attack graphs
- attack detection
- scalability
ASJC Scopus subject areas
- General Computer Science
- General Mathematics