TY - JOUR
T1 - A structural framework for modeling multi-stage network attacks
AU - Daley, Kristopher
AU - Larson, Ryan
AU - Dawkins, Jerald
PY - 2002
Y1 - 2002
N2 - Incidents such as Solar Sunrise and Nimda demonstrate the need to expressively model distributed and complex network attacks. To protect information systems, system administrators must be able to represent vulnerabilities in a way that lends itself to correlation, analysis, and prediction. State-of-the-art intrusion detection and attack analysis systems struggle to effectively represent sophisticated attacks. Strategic models express exploits as goal-oriented attack trees. Attack trees represent adversarial behavior by connecting events in 'AND'-'OR' tree structures. However, these structures need to be enhanced and expressed in a formal manner in order to adequately represent the complexity of recent cyber attacks. This paper provides a methodology for capturing the structure of various network vulnerabilities and multi-stage attacks. By extending the attack tree paradigm, we provide a context-sensitive attack modeling framework that, through abstraction, supports incident correlation, analysis, and prediction.
AB - Incidents such as Solar Sunrise and Nimda demonstrate the need to expressively model distributed and complex network attacks. To protect information systems, system administrators must be able to represent vulnerabilities in a way that lends itself to correlation, analysis, and prediction. State-of-the-art intrusion detection and attack analysis systems struggle to effectively represent sophisticated attacks. Strategic models express exploits as goal-oriented attack trees. Attack trees represent adversarial behavior by connecting events in 'AND'-'OR' tree structures. However, these structures need to be enhanced and expressed in a formal manner in order to adequately represent the complexity of recent cyber attacks. This paper provides a methodology for capturing the structure of various network vulnerabilities and multi-stage attacks. By extending the attack tree paradigm, we provide a context-sensitive attack modeling framework that, through abstraction, supports incident correlation, analysis, and prediction.
UR - http://www.scopus.com/inward/record.url?scp=84860434875&partnerID=8YFLogxK
U2 - 10.1109/ICPPW.2002.1039705
DO - 10.1109/ICPPW.2002.1039705
M3 - Article
AN - SCOPUS:84860434875
SN - 1530-2016
SP - 5
EP - 10
JO - Proceedings of the International Conference on Parallel Processing Workshops
JF - Proceedings of the International Conference on Parallel Processing Workshops
M1 - 1039705
ER -