Recognizing attack plans is one of the goals of security analysts. Attack plan recognition is critical for predicting future actions of attackers, generating possible actions (i.e., probes) to test attacker plans, and planning appropriate responses. The full range of potential attack scenarios is too rich to generate manually, and too complex for direct analysis and evaluation of the impact of alternative probes and defenses. We are developing a set of tools that address these issues by:
Tatiana Kichkaylo, Tatyana Ryutov, Michael D. Oros