Multi-step attack detection via Bayesian modeling under model parameter uncertainty.
Record Type: Language materials, printed : Monograph/item
Title/Author: Multi-step attack detection via Bayesian modeling under model parameter uncertainty./
Author: Cole, Robert.
Description: 173 p.
Notes: Source: Dissertation Abstracts International, Volume: 74-12(E), Section: B.
Contained By: Dissertation Abstracts International 74-12B(E).
Subject: Information Technology.
Online resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3573773
ISBN: 9781303451041
Thesis (Ph.D.)--The Pennsylvania State University, 2013.
Organizations in all sectors of business have become highly dependent upon information systems for the conduct of business operations. Of necessity, these information systems are designed with many points of ingress, points of exposure that can be leveraged by a motivated attacker seeking to compromise the confidentiality, integrity or availability of an organization's information assets. To protect its assets, an organization needs to implement information security controls that mitigate the risks associated with these techniques. One of the key controls available to an organization today is the intrusion detection system (IDS), which is used to detect specific events associated with unauthorized or suspicious activity. Traditional IDS systems have two limitations that this research addresses. First, most IDS systems are tuned to detect specific attacks, but do not attempt to automatically reason across multiple attacks. Such emphasis on "single-step" attacks, as opposed to "multi-step" attacks puts the entire burden of reasoning across multiple steps of a potential attack on the security analyst. Second, traditional IDS systems do not explicitly consider uncertainty, which limits the analyst's ability to model situations in which uncertainty might be a significant factor.
ISBN: 9781303451041
Subjects--Topical Terms: 1030799 Information Technology.
LDR: 04100nam a2200277 4500
001 1965566
005 20141030134121.5
008 150210s2013 ||||||||||||||||| ||eng d
020 $a 9781303451041
035 $a (MiAaPQ)AAI3573773
035 $a AAI3573773
040 $a MiAaPQ $c MiAaPQ
100 1 $a Cole, Robert. $3 2102244
245 1 0 $a Multi-step attack detection via Bayesian modeling under model parameter uncertainty.
300 $a 173 p.
500 $a Source: Dissertation Abstracts International, Volume: 74-12(E), Section: B.
500 $a Adviser: Peng Liu.
502 $a Thesis (Ph.D.)--The Pennsylvania State University, 2013.
520 $a This research examines the issue of multi-step attack detection in the presence of uncertainty in order to provide guidance to practitioners regarding the design and implementation of intrusion detection systems. First, we consider the bounding of uncertainty in a linear Bayesian model of multi-step attacks. In this work we outline a tradeoff between uncertainty and latency in the multi-step case: low inference uncertainty can be achieved but only at the price of latency in terms of the attack stage at which uncertainty levels become small. Next, we consider the problem of detection in a general attack topology. In this work, we show how to formulate queries for general definitions of intrusion and how to propagate parameter uncertainty through the model to a query result. In the case of zero parameter uncertainty, we provide an efficient algorithm to enumerate useful operating points within the 2-dimensional design space of detection rate x false positive rate. For the uncertain parameter case, we show how operating points become 2-dimensional operating boxes and show that the general problem of operating box enumeration is highly computationally complex, necessitating heuristic solutions. Next, we return our focus to the linear attack topology and theoretically show specific cases under which model parameter uncertainty cannot produce output uncertainty. Finally, we conduct experiments evaluating two heuristic solutions to the general detection problem under uncertainty, heuristics based on our theoretical results. We show that a heuristic solution based on our operating point enumeration algorithm provides results very close to those of full enumeration. Additionally, our experimental results show the significance of uncertainty in the multi-step attack detection cases considered, illustrating the importance of considering uncertainty when designing detection systems in the multi-step case.
590 $a School code: 0176.
650 4 $a Information Technology. $3 1030799
690 $a 0489
710 2 $a The Pennsylvania State University. $b Information Sciences and Technology. $3 2095842
773 0 $t Dissertation Abstracts International $g 74-12B(E).
790 $a 0176
791 $a Ph.D.
792 $a 2013
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3573773
Inventory Number: W9260565
Location Name: Electronic resource
Item Class: 11. Online viewing_V
Material type: E-book
Call number: EB
Usage Class: General use (Normal)
Loan Status: On shelf
No. of reservations: 0
Opac note:
Attachments: