Abstract

A major function of a security analyst is to analyze collected intelligence looking for plans, associated events, or other evidence that may identify an adversary's intent. Armed with this knowledge, the analyst then develops potential responses (e.g., countermeasures) to deter the discovered plan or plans, weighs their strengths and weaknesses (e.g., collateral damage) and then makes a recommendation for action. Unfortunately, the collected intelligence is typically sparse and it is not possible for the analyst to initially discover the adversary's specific intent. Under these circumstances, the analyst is forced to look at the range of possible plans/actions an adversary may take. The full range of potential attack scenarios is too rich to generate manually. Its complexity also bars direct analysis and evaluation of the potential impact of alternative actions and countermeasures. To address these issues, we are developing a set of tools that exhibit the following features/capabilities:

- Using available partial plan segments (referred to as snippets), construct multiple feasible scenarios/pathways that an adversary may take to reach an identifiable end goal
- Provide visual tools for exploring sets of possible scenarios under various observables, importance, and likelihood conditions, helping the analyst generate information probes, actions and countermeasures
- Compare the potential impact of alternative data probes, actions and countermeasures on an adversary's actions by assessing their discrimination/attack mitigation potential and possible side-effects
- Automatically suggest potential data probes, actions and countermeasures based on partial understanding of the adversary's plan and given observable activity

These tools can provide decision support for many different domains, including terrorist activity recognition and network intrusion detection.
Field | Value |
---|---|
Year | 2010 |
Venue | INFORMATICA-JOURNAL OF COMPUTING AND INFORMATICS |
Keywords | planning, attack recognition, intrusion detection |
Field | Countermeasure, Network intrusion detection, Activity recognition, Computer science, Computer security, Decision support system, Collateral, Artificial intelligence, Adversary, Strengths and weaknesses, Machine learning |
DocType | Journal |
Volume | 34 |
Issue | 2 |
ISSN | 0350-5596 |
Citations | 0 |
PageRank | 0.34 |
References | 6 |
Authors | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Tatiana Kichkaylo | 1 | 81 | 6.30 |
Tatyana Ryutov | 2 | 112 | 8.41 |
Michael D. Orosz | 3 | 7 | 2.57 |
Robert Neches | 4 | 964 | 287.27 |