Title
Probabilistic Inference for Obfuscated Network Attack Sequences
Abstract
Facing diverse network attack strategies and overwhelming alerts, much work has been devoted to correlate observed malicious events to pre-defined scenarios, attempting to deduce the attack plans based on expert models of how network attacks may transpire. Sophisticated attackers can, however, employ a number of obfuscation techniques to confuse the alert correlation engine or classifier. Recognizing the need for a systematic analysis of the impact of attack obfuscation, this paper models attack strategies as general finite order Markov models, and treats obfuscated observations as noises. Taking into account that only finite observation window and limited computational time can be afforded, this work develops an algorithm to efficiently inference on the joint distribution of clean and obfuscated attack sequences. The inference algorithm recovers the optimal match of obfuscated sequences to attack models, and enables a systematic and quantitative analysis on the impact of obfuscation on attack classification.
Year: 2014
DOI: 10.1109/DSN.2014.22
Venue: DSN
Keywords: systematic analysis, probabilistic inference, invasive software, limited computational time, sophisticated attackers, obfuscated network attack sequences, observed malicious events, markov models, computer network security, obfuscated attack sequences, markov processes, attack obfuscation, finite observation window, diverse network attack strategies, hidden markov models, probabilistic logic, vectors, dynamic programming, computational modeling
Field: Data mining, Attack model, Markov model, Inference, Computer science, Network security, Pre-play attack, Probabilistic logic, Obfuscation, Hidden Markov model
DocType: Conference
ISSN: 1530-0889
Citations: 4
PageRank: 0.42
References: 12
Authors: 2
Name
Order
Citations
PageRank
Haitao Du1556.88
Shanchieh Jay Yang213123.11