Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation

Adel Alshamrani; Ankur Chowdhary; Oussama Mjihil; Sowmya Myneni; Dijiang Huang

doi:10.1109/GLOCOM.2018.8647326

Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation

Adel Alshamrani, Ankur Chowdhary, Oussama Mjihil, Sowmya Myneni, Dijiang Huang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.

Original language	English (US)
Title of host publication	2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781538647271
DOIs	https://doi.org/10.1109/GLOCOM.2018.8647326
State	Published - 2018
Event	2018 IEEE Global Communications Conference, GLOBECOM 2018 - Abu Dhabi, United Arab Emirates Duration: Dec 9 2018 → Dec 13 2018

Publication series

Name	2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

Conference

Conference	2018 IEEE Global Communications Conference, GLOBECOM 2018
Country/Territory	United Arab Emirates
City	Abu Dhabi
Period	12/9/18 → 12/13/18

Keywords

Advanced Persistent Threats
Attack Graph
Intrusion Detection Systems

ASJC Scopus subject areas

Information Systems and Management
Renewable Energy, Sustainability and the Environment
Safety, Risk, Reliability and Quality
Signal Processing
Modeling and Simulation
Instrumentation
Computer Networks and Communications

Access to Document

10.1109/GLOCOM.2018.8647326

Cite this

Alshamrani, A., Chowdhary, A., Mjihil, O., Myneni, S., & Huang, D. (2018). Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation. In 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings Article 8647326 (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/GLOCOM.2018.8647326

Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation. / Alshamrani, Adel; Chowdhary, Ankur; Mjihil, Oussama et al.
2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2018. 8647326 (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Alshamrani, A, Chowdhary, A, Mjihil, O, Myneni, S & Huang, D 2018, Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation. in 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings., 8647326, 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 2018 IEEE Global Communications Conference, GLOBECOM 2018, Abu Dhabi, United Arab Emirates, 12/9/18. https://doi.org/10.1109/GLOCOM.2018.8647326

Alshamrani A, Chowdhary A, Mjihil O, Myneni S, Huang D. Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation. In 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2018. 8647326. (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings). doi: 10.1109/GLOCOM.2018.8647326

@inproceedings{ed86126e24784f41890059c6b577e7a0,

title = "Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation",

abstract = "Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.",

keywords = "Advanced Persistent Threats, Attack Graph, Intrusion Detection Systems",

author = "Adel Alshamrani and Ankur Chowdhary and Oussama Mjihil and Sowmya Myneni and Dijiang Huang",

note = "Funding Information: This research is based upon work supported by the NRL N00173-15-G017, NSF Grants 1642031, 1528099, and 1723440, and NSFC Grants 61628201 and 61571375. Publisher Copyright: {\textcopyright} 2018 IEEE.; 2018 IEEE Global Communications Conference, GLOBECOM 2018 ; Conference date: 09-12-2018 Through 13-12-2018",

year = "2018",

doi = "10.1109/GLOCOM.2018.8647326",

language = "English (US)",

series = "2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings",

}

TY - GEN

T1 - Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation

AU - Alshamrani, Adel

AU - Chowdhary, Ankur

AU - Mjihil, Oussama

AU - Myneni, Sowmya

AU - Huang, Dijiang

N1 - Funding Information: This research is based upon work supported by the NRL N00173-15-G017, NSF Grants 1642031, 1528099, and 1723440, and NSFC Grants 61628201 and 61571375. Publisher Copyright: © 2018 IEEE.

PY - 2018

Y1 - 2018

N2 - Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.

AB - Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.

KW - Advanced Persistent Threats

KW - Attack Graph

KW - Intrusion Detection Systems

UR - http://www.scopus.com/inward/record.url?scp=85063452879&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85063452879&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2018.8647326

DO - 10.1109/GLOCOM.2018.8647326

M3 - Conference contribution

AN - SCOPUS:85063452879

T3 - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

BT - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2018 IEEE Global Communications Conference, GLOBECOM 2018

Y2 - 9 December 2018 through 13 December 2018

ER -

Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this