Projecting Cyberattacks Through Variable-Length Markov Models

Fava, Daniel Schnetzer; Byers, S.R.; Yang, Shanchieh Jay

doi:10.1109/tifs.2008.924605

Cited by 61 publications

(44 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It is similar to the Markov process, but the sum of the total state occurrence probabilities in vector P is not equal to 1, which is essentially different from Markov process introduced in [1,17]. Meanwhile, each phase of multistep attack is predicted gradually based on Algorithm 18.…”

Section: Remarks 19mentioning

confidence: 99%

See 1 more Smart Citation

Quantitative Method for Network Security Situation Based on Attack Prediction

Zhang

Liu

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Multistep attack prediction and security situation awareness are two big challenges for network administrators because future is generally unknown. In recent years, many investigations have been made. However, they are not sufficient. To improve the comprehensiveness of prediction, in this paper, we quantitatively convert attack threat into security situation. Actually, two algorithms are proposed, namely, attack prediction algorithm using dynamic Bayesian attack graph and security situation quantification algorithm based on attack prediction. The first algorithm aims to provide more abundant information of future attack behaviors by simulating incremental network penetration. Through timely evaluating the attack capacity of intruder and defense strategies of defender, the likely attack goal, path, and probability and time-cost are predicted dynamically along with the ongoing security events. Furthermore, in combination with the common vulnerability scoring system (CVSS) metric and network assets information, the second algorithm quantifies the concealed attack threat into the surfaced security risk from two levels: host and network. Examples show that our method is feasible and flexible for the attack-defense adversarial network environment, which benefits the administrator to infer the security situation in advance and prerepair the critical compromised hosts to maintain normal network communication.

show abstract

Section: Remarks 19mentioning

confidence: 99%

“…In order to obtain the security status of the network and to predict its trend, the researchers first studied attack threats [1,2], network vulnerability [3,4], and other related aspects. In summary, the researches on these aspects are relatively mature.…”

Section: Introductionmentioning

confidence: 99%

Quantitative Method for Network Security Situation Based on Attack Prediction

Zhang

Liu

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In such cases, network attack prediction will need to dynamically learn about the attack behavior. A few works (Fava et al 2008;Du and Yang 2011a;Cipriano et al 2011;Cheng et al 2011;Soldo et al 2011) were developed to learn and predict attack behaviors without relying on pre-defined attack plans or detailed network information. …”

Section: Prediction By Learning Attack Behaviors/patternsmentioning

confidence: 99%

Attack Projection

Yang

Holsopple

et al. 2014

Advances in Information Security

View full text Add to dashboard Cite

“…In the presence of diverse, unknown, and fastevolving adversary behaviors, we developed a near-realtime Fuzzy inference system that combines predictive outputs from a Variable Length Markov Model (VLMM) [14]. The system, called F-VLMM, captures sequential patterns exhibited in observed adversary activities, and predicts the next likely adversary actions by combining different feature estimates via fuzzy logic.…”

Section: Past Behaviormentioning

confidence: 99%

Issues and challenges in higher level fusion: Threat/impact assessment and intent modeling (a panel summary)

Salerno

Yang

Kadar

et al. 2010

2010 13th International Conference on Information Fusion

View full text Add to dashboard Cite

-Many say that we live in the information age, but in reality if you ask any analyst today they would say we live in the data age. The amount of data being presented and displayed to the analyst is overwhelming ---to a point that in many cases they are missing the salient or key activities of interest. Analysts are spending the majority of their time filtering through the data rather than performing analysis. Over the past 10 years, there has been an increasing emphasis on research in higher level fusion or what many are calling situation awareness.In this paper, we describe a collection of research addressing the challenges of enabling situation awareness. We will review our reference model and provide a discussion of a flow through the model to include how we can rank various activities based on their impact and threat. We also provide a number of algorithms that have been implemented and then tested and evaluated using a set of performance metrics.

show abstract

Projecting Cyberattacks Through Variable-Length Markov Models

Cited by 61 publications

References 23 publications

Quantitative Method for Network Security Situation Based on Attack Prediction

Quantitative Method for Network Security Situation Based on Attack Prediction

Attack Projection

Issues and challenges in higher level fusion: Threat/impact assessment and intent modeling (a panel summary)

Contact Info

Product

Resources

About