Attack Plan Recognition and Prediction Using Causal Networks

Tucson, Arizona December 06-December 10

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.7

20th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Xinzhou Qin Articles by Wenke Lee

	ASCII Text	x
	Xinzhou Qin, Wenke Lee, "Attack Plan Recognition and Prediction Using Causal Networks," Computer Security Applications Conference, Annual, pp. 370-379, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004.

	BibTex	x
	@article{ 10.1109/CSAC.2004.7, author = {Xinzhou Qin and Wenke Lee}, title = {Attack Plan Recognition and Prediction Using Causal Networks}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2004}, issn = {1063-9527}, pages = {370-379}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.7}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Attack Plan Recognition and Prediction Using Causal Networks SN - 1063-9527 SP370 EP379 A1 - Xinzhou Qin, A1 - Wenke Lee, PY - 2004 KW - Intrusion detection KW - alert correlation KW - security management KW - attack scenario analysis VL - 0 JA - Computer Security Applications Conference, Annual ER -

Xinzhou Qin, Georgia Institute of Technology, Atlanta, GA

Wenke Lee, Georgia Institute of Technology, Atlanta, GA

Correlating and analyzing security alerts is a critical and challenging task in security management. Recently, some techniques have been proposed for security alert correlation. However, these approaches focus more on basic or low-level alert correlation. In this paper, we study how to conduct probabilistic inference to correlate and analyze attack scenarios. Specifically, we propose an approach to solving the following problems: 1) How to correlate isolated attack scenarios resulted from low-level alert correlation? 2) How to identify attacker's high-level strategies and intentions? 3) How to predict the potential attacks based on observed attack activities? We evaluate our approaches using DARPA's Grand Challenge Problem (GCP) data set. The results demonstrate the capability of our approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.

Index Terms:

Intrusion detection, alert correlation, security management, attack scenario analysis

Citation:

Xinzhou Qin, Wenke Lee, "Attack Plan Recognition and Prediction Using Causal Networks," acsac, pp.370-379, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.