Techniques to Model and Derive a Cyber-Attacker’s Intelligence

View Sample PDF

Author(s): Peter J. Hawrylak (The University of Tulsa, USA), Chris Hartney (The University of Tulsa, USA), Michael Haney (The University of Tulsa, USA), Jonathan Hamm (The University of Tulsa, USA)and John Hale (The University of Tulsa, USA)
Copyright: 2013
Pages: 19
Source title: Efficiency and Scalability Methods for Computational Intellect
Source Author(s)/Editor(s): Boris Igelnik (BMI Research, Inc., USA)and Jacek M. Zurada (University of Louisville, USA)
DOI: 10.4018/978-1-4666-3942-3.ch008

Keywords: Artificial Intelligence / Computational Intelligence / Computer Science & IT / Information Science Reference

Purchase

View Techniques to Model and Derive a Cyber-Attacker’s Intelligence on the publisher's website for pricing and purchasing information.

Abstract

Identifying the level of intelligence of a cyber-attacker is critical to detecting cyber-attacks and determining the next targets or steps of the adversary. This chapter explores intrusion detection systems (IDSs) which are the traditional tool for cyber-attack detection, and attack graphs which are a formalism used to model cyber-attacks. The time required to detect an attack can be reduced by classifying the attacker’s knowledge about the system to determine the traces or signatures for the IDS to look for in the audit logs. The adversary’s knowledge of the system can then be used to identify their most likely next steps from the attack graph. A computationally efficient technique to compute the likelihood and impact of each step of an attack is presented. The chapter concludes with a discussion describing the next steps for implementation of these processes in specialized hardware to achieve real-time attack detection.

The IRMA Community

Research IRM

Techniques to Model and Derive a Cyber-Attacker’s Intelligence

Purchase

Abstract

Related Content

IRMA Sponsors