Attack chain detection. (26th September 2015)
- Record Type:
- Journal Article
- Title:
- Attack chain detection. (26th September 2015)
- Main Title:
- Attack chain detection
- Authors:
- Sexton, Joseph
Storlie, Curtis
Neil, Joshua
- Abstract:
- A targeted network intrusion typically evolves through multiple phases, termed the attack chain. When appropriate data are monitored, these phases will generate multiple events across the attack chain on a compromised host. It is shown empirically that events in different parts of the attack chain are largely independent under nonattack conditions. This suggests that a powerful detector can be constructed by combining across events spanning the attack. This article describes the development of such a detector for a larger network. To construct events that span the attack chain, multiple data sources are used, and the detector combines across events observed on the same machine, across local neighborhoods of machines linked by network communications, as well as across events observed on multiple computers. A probabilistic approach for evaluating the combined events is developed, and empirical investigations support the underlying assumptions. The detection power of the approach is studied by inserting plausible attack scenarios into observed network and host data, and an application to a real-world intrusion is given.
- Is Part Of:
- Statistical analysis and data mining. Volume 8:Number 5/6(2015)
- Journal:
- Statistical analysis and data mining
- Issue:
- Volume 8:Number 5/6(2015)
- Issue Display:
- Volume 8, Issue 5/6 (2015)
- Year:
- 2015
- Volume:
- 8
- Issue:
- 5/6
- Issue Sort Value:
- 2015-0008-NaN-0000
- Page Start:
- 353
- Page End:
- 363
- Publication Date:
- 2015-09-26
- Subjects:
- intrusion detection -- anomaly detection
Data mining -- Statistical methods -- Periodicals
006.312
- Journal URLs:
- http://www3.interscience.wiley.com/journal/112701062/home
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sam.11296
- Languages:
- English
- ISSNs:
- 1932-1864
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 8447.424100
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 9204.xml
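The abstract's central idea is that several individually weak anomalies, one from each phase of the attack chain on the same host, are much stronger evidence together than apart, provided they are independent under no-attack conditions, and that the same combination can be repeated over the host's network neighborhood. The script below is an added example written for this page, not code from the paper or its authors. The page does not state which probabilistic combination rule the authors use, so the example assumes Fisher's method; it also assumes Poisson baselines for per-phase event counts, and the phase names, baseline rates, event records, host list and communication graph are all constructed for illustration.

```python
"""Toy attack-chain detector (added example): combine per-phase anomaly
p-values on a host, then across the hosts it communicated with."""
import math
from collections import defaultdict

# ASSUMPTION (constructed for this example): three attack-chain phases, each
# with a baseline rate of anomalous events per monitoring window on a quiet
# host, modelled as Poisson. The paper's phases and data sources differ.
PHASE_RATES = {"delivery": 0.2, "c2": 0.3, "lateral": 0.5}

# Constructed events for one window: (host, phase, description).
EVENTS = [
    ("ws-07", "delivery", "unsigned executable written under the user temp dir"),
    ("ws-07", "delivery", "document viewer spawned a shell"),
    ("ws-07", "c2", "periodic HTTPS to an external address never seen before"),
    ("ws-07", "c2", "periodic HTTPS to an external address never seen before"),
    ("ws-07", "lateral", "first SMB session from ws-07 to srv-01"),
    ("ws-07", "lateral", "first SMB session from ws-07 to ws-12"),
    ("ws-12", "lateral", "first SMB session from ws-12 to srv-01"),
    ("ws-12", "lateral", "first SMB session from ws-12 to ws-03"),
    ("ws-12", "lateral", "first SMB session from ws-12 to srv-02"),
]
HOSTS = ["ws-07", "ws-12", "srv-01", "ws-03"]
# Constructed communication graph for the same window (undirected edges).
EDGES = [("ws-07", "ws-12"), ("ws-07", "srv-01"), ("ws-12", "srv-01"), ("ws-03", "srv-01")]


def poisson_tail(k, lam):
    """P(X >= k) for X ~ Poisson(lam): the one-sided p-value of seeing k events."""
    if k <= 0:
        return 1.0
    cdf = sum(math.exp(-lam) * lam ** i / math.factorial(i) for i in range(k))
    return max(1.0 - cdf, 1e-300)  # floor keeps log() finite for huge counts


def fisher_combine(pvalues):
    """Fisher's method: T = -2 * sum(ln p_i) is chi-square with 2m degrees of
    freedom when the m p-values are independent and uniform under no attack.
    For even degrees of freedom the survival function has the closed form below."""
    m = len(pvalues)
    half = -sum(math.log(p) for p in pvalues)  # T / 2
    return math.exp(-half) * sum(half ** j / math.factorial(j) for j in range(m))


def host_scores(events, hosts):
    """Per host: a p-value for each phase and the Fisher-combined chain score."""
    counts = defaultdict(int)
    for host, phase, _ in events:
        counts[(host, phase)] += 1
    scores = {}
    for host in hosts:
        per_phase = {ph: poisson_tail(counts[(host, ph)], lam) for ph, lam in PHASE_RATES.items()}
        scores[host] = (per_phase, fisher_combine(list(per_phase.values())))
    return scores


def neighborhood_scores(host_p, edges):
    """Combine each host's chain score with those of the hosts it talked to.
    ASSUMPTION: host scores are treated as independent under no attack."""
    nbrs = defaultdict(set)
    for a, b in edges:
        nbrs[a].add(b)
        nbrs[b].add(a)
    return {h: fisher_combine([p] + [host_p[n] for n in sorted(nbrs[h]) if n in host_p])
            for h, p in host_p.items()}


if __name__ == "__main__":
    scores = host_scores(EVENTS, HOSTS)
    nb = neighborhood_scores({h: s[1] for h, s in scores.items()}, EDGES)
    for host in sorted(HOSTS, key=lambda h: scores[h][1]):
        per_phase, chain_p = scores[host]
        phases = ", ".join(f"{ph}={p:.3f}" for ph, p in per_phase.items())
        print(f"{host}: chain p={chain_p:.4f} neighborhood p={nb[host]:.4f} ({phases})")
```

On the constructed data, ws-07 has a mild anomaly in every phase (none below p = 0.017 on its own) and a combined chain score near 0.003, while ws-12 has a single, somewhat larger lateral-movement blip (p about 0.014) that the chain combination pulls back to roughly 0.2, because two phases with nothing to report count against it. Two caveats a practitioner would check before deploying something like this: Fisher's method only gives calibrated scores if the phase p-values really are independent under normal operation, which is the empirical claim the paper makes for its own data and which has to be re-verified on yours, and combining a host with quiet neighbors dilutes its score (ws-07's neighborhood p is larger than its own), so the choice of neighborhood matters as much as the choice of combiner.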