Modeling Multistep Cyber Attacks for Scenario Recognition

14 years 4 months ago

Download www.csl.sri.com

Efforts toward automated detection and identiﬁcation of multistep cyber attack scenarios would beneﬁt signiﬁcantly from a methodology and language for modeling such scenarios. The Correlated Attack Modeling Language (CAML) uses a modular approach, where a module represents an inference step and modules can be linked together to detect multistep scenarios. CAML is accompanied by a library of predicates, which functions as a vocabulary to describe the properties of system states and events. The concept of attack patterns is introduced to facilitate reuse of generic modules in the attack modeling process. CAML is used in a prototype implementation of a scenario recognition engine that consumes ﬁrst-level security alerts in real time and produces reports that identify multistep attack scenarios discovered in the alert stream.

Steven Cheung, Ulf Lindqvist, Martin W. Fong

Real-time Traffic

Attack Modeling | Attack Scenarios | Cyber Attack Scenarios | DISCEX 2003 | Information Management |

claim paper

Post Info
More Details (n/a)

Added	04 Jul 2010
Updated	04 Jul 2010
Type	Conference
Year	2003
Where	DISCEX
Authors	Steven Cheung, Ulf Lindqvist, Martin W. Fong

Comments (0)

Sciweavers

Modeling Multistep Cyber Attacks for Scenario Recognition

Attack Modeling | Attack Scenarios | Cyber Attack Scenarios | DISCEX 2003 | Information Management |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers