论文信息 - Modeling Internet Attacks

Modeling Internet Attacks

—As the frequency and complexity Internet attacks increase, systems administrators need more sophisticated tools to warn and direct their responses. The foundation for any such effort is a coherent model of exploits and vulnerabilities that is rich enough to capture the behavior and composition of multi-stage attacks. This paper describes an enhanced attack tree model of Internet attacks, and a companion specification language for expressing aggregate attack behaviors and modalities. A distributed attack notification and visualization system is briefly described that uses the model as a common representation for incidents captured by Intrusion Detection Systems (IDSs).

T. Tidwell | R. Larson | K. Fitch | J. Hale

[1] Harold S. Javitz,et al. The SRI IDES statistical anomaly detector , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[2] Carl E. Landwehr,et al. A taxonomy of computer program security flaws , 1993, CSUR.

[3] John D. Howard,et al. An analysis of security incidents on the Internet 1989-1995 , 1998 .

[4] Eugene H. Spafford,et al. Use of A Taxonomy of Security Faults , 1996 .

[5] Sandeep Kumar,et al. Classification and detection of computer intrusions , 1996 .

[6] Karl N. Levitt,et al. GrIDS A Graph-Based Intrusion Detection System for Large Networks , 1996 .

[7] Peter G. Neumann,et al. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances , 1997, CCS 2002.

[8] Biswanath Mukherjee,et al. DIDS (distributed intrusion detection system)—motivation, architecture, and an early prototype , 1997 .

[9] Erland Jonsson,et al. How to systematically classify computer security intrusions , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[10] D. Frincke,et al. A Framework for Cooperative Intrusion Detection , 1998 .

[11] D. Frincke,et al. A Visual Mathematical Model for Intrusion Detection , 1998 .