Attack Impact Discovery and Recovery with Dynamic Bayesian Networks
DOI: https://doi.org/10.51983/ajcst-2019.8.S1.1953
Keywords: Dynamic Bayesian Networks, Intrusion Detection Systems
Abstract
Network attacks are discovered using Intrusion Detection Systems (IDS), which employ anomaly, signature and compound attack detection schemes to identify malicious data traffic. Attack impact analysis then discovers the malicious objects in the network: system objects are contaminated through process injection or hijacking, and an attack ramification model identifies the contaminated objects. Dependency networks, directed graphs whose edges record the data communication between objects, model the information flow over the objects in the network. Attack ramification models are designed with intrusion root information: they identify the malicious and contaminated objects by following the information flows from the attack sources. The Attack Ramification with Bayesian Network (ARBN) scheme, in contrast, discovers the attack impact without knowledge of the intrusion root. It employs probabilistic reasoning to analyze object state during the ramification process. Each object's lifetime is divided into temporal slices so that changes in object state can be verified, and system call traces are correlated with the object slices to construct a Temporal Dependency Network (TDN). A Bayesian Network (BN) is then constructed from the uncertain data communication activities extracted from the TDN, and the attack impact is inferred with loopy belief propagation on the BN model. The network security system is built with attack impact analysis and recovery operations, and live traffic data analysis is carried out with improved temporal slicing concepts. Attack Ramification and Recovery with Dynamic Bayesian Network (ARRDBN) is built to support attack impact analysis and recovery tasks; its unsupervised attack handling mechanism automatically discovers a feasible solution for the associated attacks.
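As an added illustration (not code from the paper), the following Python builds a small Temporal Dependency Network from a constructed system-call trace, slicing each object's lifetime into fixed-width temporal slices, and propagates contamination probabilities from IDS evidence using a noisy-OR fixed-point iteration, a simplified stand-in for the loopy belief propagation the abstract describes. The trace, the slice width, the per-flow contamination weight and the evidence node are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed system-call trace (not from the paper): (time, subject, op, object).
# A 'read' flows object -> subject; a 'write' flows subject -> object.
TRACE = [
    (1, "proc:sh", "read", "file:/tmp/dl.sh"),
    (2, "proc:sh", "write", "file:/etc/cron.d/job"),
    (3, "proc:cron", "read", "file:/etc/cron.d/job"),
    (12, "proc:cron", "write", "file:/var/log/app.log"),
    (13, "proc:logger", "read", "file:/var/log/app.log"),
    (14, "proc:httpd", "read", "file:/etc/hosts"),
]
# Assumed IDS evidence on one object slice; no intrusion root is given.
EVIDENCE = {("file:/tmp/dl.sh", 0): 0.9}

def build_tdn(trace, slice_len=10):
    """Temporal dependency network: nodes are (object, slice); edges follow
    information flow, and each object slice depends on its previous slice."""
    parents = defaultdict(set)
    last_slice = {}
    for t, subj, op, obj in sorted(trace):
        s = t // slice_len
        src, dst = (obj, subj) if op == "read" else (subj, obj)
        for name in (src, dst):
            prev = last_slice.get(name)
            if prev is not None and prev != s:
                parents[(name, s)].add((name, prev))   # temporal edge
            last_slice[name] = s
        parents[(dst, s)].add((src, s))                # flow edge
    return parents

def infer_impact(parents, evidence, w=0.8, max_iter=100):
    """Noisy-OR fixed-point propagation (simplified stand-in for loopy BP):
    P(contaminated) = 1 - (1 - evidence) * prod(1 - w * P(parent))."""
    nodes = set(parents) | {p for ps in parents.values() for p in ps}
    prob = {n: evidence.get(n, 0.0) for n in nodes}
    for _ in range(max_iter):
        new = {}
        for n in nodes:
            clean = 1.0 - evidence.get(n, 0.0)
            for p in parents.get(n, ()):
                clean *= 1.0 - w * prob[p]
            new[n] = 1.0 - clean
        delta = max(abs(new[n] - prob[n]) for n in nodes)
        prob = new
        if delta < 1e-12:           # converged; cycles are handled by iteration
            break
    return prob
```

Calling `infer_impact(build_tdn(TRACE), EVIDENCE)` ranks the shell, the cron job file and the cron process (which carries contamination across the slice boundary) above the untouched httpd and /etc/hosts slices.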
Copyright (c) 2019 The Research Publication
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.