Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation

Adel Alshamrani, Ankur Chowdhary, Oussama Mjihil, Sowmya Myneni, Dijiang Huang

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.

Original language: English (US)
Title of host publication: 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538647271
DOI: https://doi.org/10.1109/GLOCOM.2018.8647326
State: Published - Feb 20 2019
Event: 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Abu Dhabi, United Arab Emirates
Duration: Dec 9 2018 - Dec 13 2018

Publication series

Name: 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

Conference

Conference: 2018 IEEE Global Communications Conference, GLOBECOM 2018
Country: United Arab Emirates
City: Abu Dhabi
Period: 12/9/18 - 12/13/18

Fingerprint

  • Tracing
  • Attack
  • Intrusion detection
  • Incentives
  • Firewall
  • Countermeasures
  • Reconnaissance
  • Period of time
  • Networking
  • Range of data
  • Threat

Keywords

  • Advanced Persistent Threats
  • Attack Graph
  • Intrusion Detection Systems

ASJC Scopus subject areas

  • Information Systems and Management
  • Renewable Energy, Sustainability and the Environment
  • Safety, Risk, Reliability and Quality
  • Signal Processing
  • Modeling and Simulation
  • Instrumentation
  • Computer Networks and Communications

Cite this

Alshamrani, A., Chowdhary, A., Mjihil, O., Myneni, S., & Huang, D. (2019). Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation. In 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings [8647326] (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/GLOCOM.2018.8647326
