International Workshop on Recent Advances in Intrusion Detection

RAID 2008: Recent Advances in Intrusion Detection pp 408-409

Anomaly and Specification Based Cognitive Approach for Mission-Level Detection and Response

(Extended Abstract)
  • Paul Rubel
  • Partha Pal
  • Michael Atighetchi
  • D. Paul Benjamin
  • Franklin Webber
Conference paper

DOI: 10.1007/978-3-540-87403-4_30

Volume 5230 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Rubel P., Pal P., Atighetchi M., Benjamin D.P., Webber F. (2008) Anomaly and Specification Based Cognitive Approach for Mission-Level Detection and Response. In: Lippmann R., Kirda E., Trachtenberg A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg

Abstract

In 2005 a survivable system we built was subjected to red-team evaluation. Analyzing, interpreting, and responding to the defense mechanism reports took a room of developers. In May 2008 we took part in another red-team exercise. During this exercise an autonomous reasoning engine took the place of the room of developers. Our reasoning engine uses anomaly and specification-based approaches to autonomously decide if system and mission availability is in jeopardy, and take necessary corrective actions. This extended abstract presents a brief summary of the reasoning capability we developed: how it categorizes the data into an internal representation and how it uses deductive and coherence-based reasoning to decide whether a response is warranted.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Paul Rubel (1)
  • Partha Pal (1)
  • Michael Atighetchi (1)
  • D. Paul Benjamin (2)
  • Franklin Webber (1)

  1. BBN Technologies, Cambridge, USA
  2. Pace University, New York, USA