Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation

Adel Alshamrani, Ankur Chowdhary, Oussama Mjihil, Sowmya Myneni, Dijiang Huang

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.

    Original language: English (US)
    Title of host publication: 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    ISBN (Electronic): 9781538647271
    DOIs: 10.1109/GLOCOM.2018.8647326
    State: Published - Feb 20 2019
    Event: 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Abu Dhabi, United Arab Emirates
    Duration: Dec 9 2018 to Dec 13 2018

    Publication series

    Name: 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

    Conference

    Conference: 2018 IEEE Global Communications Conference, GLOBECOM 2018
    Country: United Arab Emirates
    City: Abu Dhabi
    Period: 12/9/18 to 12/13/18

    Keywords

    • Advanced Persistent Threats
    • Attack Graph
    • Intrusion Detection Systems

    ASJC Scopus subject areas

    • Information Systems and Management
    • Renewable Energy, Sustainability and the Environment
    • Safety, Risk, Reliability and Quality
    • Signal Processing
    • Modeling and Simulation
    • Instrumentation
    • Computer Networks and Communications

    Cite this

    Alshamrani, A., Chowdhary, A., Mjihil, O., Myneni, S., & Huang, D. (2019). Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation. In 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings [8647326] (2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/GLOCOM.2018.8647326

    @inproceedings{ed86126e24784f41890059c6b577e7a0,
      title = "Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation",
      abstract = "Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.",
      keywords = "Advanced Persistent Threats, Attack Graph, Intrusion Detection Systems",
      author = "Adel Alshamrani and Ankur Chowdhary and Oussama Mjihil and Sowmya Myneni and Dijiang Huang",
      year = "2019",
      month = "2",
      day = "20",
      doi = "10.1109/GLOCOM.2018.8647326",
      language = "English (US)",
      series = "2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings",
      publisher = "Institute of Electrical and Electronics Engineers Inc.",
      booktitle = "2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings",
    }

    TY  - GEN
    T1  - Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation
    AU  - Alshamrani, Adel
    AU  - Chowdhary, Ankur
    AU  - Mjihil, Oussama
    AU  - Myneni, Sowmya
    AU  - Huang, Dijiang
    PY  - 2019/2/20
    Y1  - 2019/2/20
    N2  - Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.
    AB  - Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged with a variety of different attack forms. APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APT make it a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show the limited efficiency of detecting APT. Thus, in this paper, we design a solution that is based on multi-source data combination to learn the adversarial behavior of suspicious users as well as to optimally select a proper countermeasure.
    KW  - Advanced Persistent Threats
    KW  - Attack Graph
    KW  - Intrusion Detection Systems
    UR  - http://www.scopus.com/inward/record.url?scp=85063452879&partnerID=8YFLogxK
    UR  - http://www.scopus.com/inward/citedby.url?scp=85063452879&partnerID=8YFLogxK
    U2  - 10.1109/GLOCOM.2018.8647326
    DO  - 10.1109/GLOCOM.2018.8647326
    M3  - Conference contribution
    T3  - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
    BT  - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
    PB  - Institute of Electrical and Electronics Engineers Inc.
    ER  -