Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DISCEX
2003
IEEE
2003
IEEE
Modeling Multistep Cyber Attacks for Scenario Recognition
Efforts toward automated detection and identification of multistep cyber attack scenarios would benefit significantly from a methodology and language for modeling such scenarios. The Correlated Attack Modeling Language (CAML) uses a modular approach, where a module represents an inference step and modules can be linked together to detect multistep scenarios. CAML is accompanied by a library of predicates, which functions as a vocabulary to describe the properties of system states and events. The concept of attack patterns is introduced to facilitate reuse of generic modules in the attack modeling process. CAML is used in a prototype implementation of a scenario recognition engine that consumes first-level security alerts in real time and produces reports that identify multistep attack scenarios discovered in the alert stream.
Real-time TrafficAttack Modeling | Attack Scenarios | Cyber Attack Scenarios | DISCEX 2003 | Information Management |
Related Content
| Added | 04 Jul 2010 |
| Updated | 04 Jul 2010 |
| Type | Conference |
| Year | 2003 |
| Where | DISCEX |
| Authors | Steven Cheung, Ulf Lindqvist, Martin W. Fong |
Comments (0)
Researcher Info
|
