Intrusion Detection with Hypergraph-Based Attack Models
In numerous security scenarios, given a sequence of logged activities, it is necessary to find all subsequences that represent an intrusion, which can be understood as any “improper” use of a system: an attempt to damage parts of it, to gather protected information, to follow “paths” that do not comply with security rules, etc. In this paper we propose a hypergraph-based attack model for intrusion detection. The model allows the specification of various kinds of constraints on possible attacks and provides a high degree of flexibility in representing many different security scenarios. Besides discussing the main features of the model, we study the problems of checking the consistency of attack models and detecting attack instances in sequences of logged activities.