Cyberpatterns pp 125-134

Attack Pattern Recognition Through Correlating Cyber Situational Awareness in Computer Networks

  • Noor-ul-hassan Shirazi
  • Alberto Schaeffer-Filho
  • David Hutchison


There is no denying that communication networks, in particular the Internet, have changed our lives in many ways. Many organizations and businesses in general benefit, but at the same time their communication networks face many challenges such as cyber-attacks, which can result in disruptions of services and huge financial losses. Therefore, resilience of these networks against cyber-attacks is a growing interest in the cyber security community. In this paper, we propose a framework for attack pattern recognition by collecting and correlating cyber situational information vertically across protocol-levels, and horizontally along the end-to-end network path. This will help to analyze cyber challenges from different viewpoints and to develop effective countermeasures.


Multi-level resilience, Apattern, Cyber situational awareness



This research is partially supported by the EPSRC funded India-UK Advanced Technology Centre in Next Generation Networking.



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Noor-ul-hassan Shirazi (1)
  • Alberto Schaeffer-Filho (2)
  • David Hutchison (1)

  1. School of Computing and Communications, Lancaster University, Lancaster LA1 4WA, United Kingdom
  2. Institute of Informatics, Federal University of Rio Grande do Sul, Porto Alegre, Brazil
