论文信息 - Defining the Malice Space with Natural Language Processing Techniques

Defining the Malice Space with Natural Language Processing Techniques

An important step toward cyber security is understanding the attack space or malice space of the system—the various sequences of actions that could be used to exploit that sys-tem. For this purpose, the cyber security community has developed techniques such as attack trees [1]. Even com-modity devices can have large and complex malice spaces that are difficult to define. Formally representing large, complex spaces (e.g., the space of English sentences) is a central concern in linguistics and natural language pro-cessing, and we will show that the techniques developed for natural language processing can be applied to cyber security to provide significant advantages over techniques currently used to define the malice space.

[1] Somesh Jha,et al. Two formal analyses of attack graphs , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[2] B. Fischhoff,et al. Fault Trees: Sensitivity of Estimated Failure Probabilities to Problem Representation , 2005 .

[3] Mark Stefik,et al. Planning with Constraints (MOLGEN: Part 1) , 1981, Artif. Intell..

[4] Terry Patten. Systemic text generation as problem solving , 2007, Studies in natural language processing.

[5] Jonathan J. Webster,et al. Language and society , 2009 .

[6] Ronald M. Kaplan,et al. Lexical Functional Grammar A Formal System for Grammatical Representation , 2004 .

[7] Josef Ruppenhofer,et al. FrameNet II: Extended theory and practice , 2006 .

[8] Robert J. Ellison,et al. Attack Trees , 2009, Encyclopedia of Biometrics.

[9] Martin Kay,et al. Parsing in functional unification grammar , 1986 .

[10] Terry Winograd,et al. Procedures As A Representation For Data In A Computer Program For Understanding Natural Language , 1971 .

[11] Michael Halliday. On language and linguistics , 2003 .

[12] William C. Mann,et al. Nigel: A Systemic Grammar for Text Generation. , 1983 .