Multi-step attack detection via Bayesian modeling under model parameter uncertainty.
Record type: Bibliographic - language material, printed : Monograph/item
Title/Author: Multi-step attack detection via Bayesian modeling under model parameter uncertainty.
Author: Cole, Robert.
Extent: 173 p.
Notes: Source: Dissertation Abstracts International, Volume: 74-12(E), Section: B.
Contained By: Dissertation Abstracts International 74-12B(E).
Subject: Information Technology.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3573773
ISBN: 9781303451041
Thesis (Ph.D.)--The Pennsylvania State University, 2013.
Organizations in all sectors of business have become highly dependent upon information systems for the conduct of business operations. Of necessity, these information systems are designed with many points of ingress, points of exposure that can be leveraged by a motivated attacker seeking to compromise the confidentiality, integrity or availability of an organization's information assets. To protect its assets, an organization needs to implement information security controls that mitigate the risks associated with these techniques. One of the key controls available to an organization today is the intrusion detection system (IDS), which is used to detect specific events associated with unauthorized or suspicious activity. Traditional IDS systems have two limitations that this research addresses. First, most IDS systems are tuned to detect specific attacks, but do not attempt to automatically reason across multiple attacks. Such emphasis on "single-step" attacks, as opposed to "multi-step" attacks puts the entire burden of reasoning across multiple steps of a potential attack on the security analyst. Second, traditional IDS systems do not explicitly consider uncertainty, which limits the analyst's ability to model situations in which uncertainty might be a significant factor.
ISBN: 9781303451041
Subjects--Topical Terms: 1030799 Information Technology.
LDR :04100nam a2200277 4500
001 1965566
005 20141030134121.5
008 150210s2013 ||||||||||||||||| ||eng d
020 $a 9781303451041
035 $a (MiAaPQ)AAI3573773
035 $a AAI3573773
040 $a MiAaPQ $c MiAaPQ
100 1 $a Cole, Robert. $3 2102244
245 1 0 $a Multi-step attack detection via Bayesian modeling under model parameter uncertainty.
300 $a 173 p.
500 $a Source: Dissertation Abstracts International, Volume: 74-12(E), Section: B.
500 $a Adviser: Peng Liu.
502 $a Thesis (Ph.D.)--The Pennsylvania State University, 2013.
520 $a
This research examines the issue of multi-step attack detection in the presence of uncertainty in order to provide guidance to practitioners regarding the design and implementation of intrusion detection systems. First, we consider the bounding of uncertainty in a linear Bayesian model of multi-step attacks. In this work we outline a tradeoff between uncertainty and latency in the multi-step case: low inference uncertainty can be achieved but only at the price of latency in terms of the attack stage at which uncertainty levels become small. Next, we consider the problem of detection in a general attack topology. In this work, we show how to formulate queries for general definitions of intrusion and how to propagate parameter uncertainty through the model to a query result. In the case of zero parameter uncertainty, we provide an efficient algorithm to enumerate useful operating points within the 2-dimensional design space of detection rate x false positive rate. For the uncertain parameter case, we show how operating points become 2-dimensional operating boxes and show that the general problem of operating box enumeration is highly computationally complex, necessitating heuristic solutions. Next, we return our focus to the linear attack topology and theoretically show specific cases under which model parameter uncertainty cannot produce output uncertainty. Finally, we conduct experiments evaluating two heuristic solutions to the general detection problem under uncertainty, heuristics based on our theoretical results. We show that a heuristic solution based on our operating point enumeration algorithm provides results very close to those of full enumeration. Additionally, our experimental results show the significance of uncertainty in the multi-step attack detection cases considered, illustrating the importance of considering uncertainty when designing detection systems in the multi-step case.
590 $a School code: 0176.
650 4 $a Information Technology. $3 1030799
690 $a 0489
710 2 $a The Pennsylvania State University. $b Information Sciences and Technology. $3 2095842
773 0 $t Dissertation Abstracts International $g 74-12B(E).
790 $a 0176
791 $a Ph.D.
792 $a 2013
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3573773
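Holdings (1 item):
Barcode: W9260565
Location: Electronic resource
Circulation category: 11. Online reading_V
Material type: E-book
Call number: EB
Use type: General use (Normal)
Loan status: On shelf
Reservation status: 0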