Proceedings Paper

Multisource evidence fusion for cyber-situation assessment
Author(s): Bikash Sabata; Chester Ornes

Paper Abstract

Novel methods of detecting cyber attacks on networks have been developed that are able to detect an increasingly diverse variety of malicious cyber-events. However, this has only resulted in additional information burden on the network analyst. The integration of the distributed evidence from multiple sources is missing or ad hoc at best. Only with the fusion of the multi-source evidence can we reason at a higher semantic level to detect and identify attacks and attackers. Further, integration at a higher semantic level will reduce the cognitive load on the security officer and will make reasonable responses possible. This paper presents an overview of the D-Force system that uses a Bayesian Evidential Framework for fusing the multi-source evidence in a network to detect and recognize attacks. Attack hypotheses are generated as a result of evidence at the different network and host sensors. The hypotheses are verified or denied with additional evidence. Based on our initial experiments and tests, the D-Force system promises to be a powerful tool in the information security officer's arsenal.

Paper Details

Date Published: 18 April 2006
PDF: 9 pages
Proc. SPIE 6242, Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications 2006, 624201 (18 April 2006); doi: 10.1117/12.663436
Bikash Sabata, Aginova Inc. (United States)
Chester Ornes, Information Extraction and Transport, Inc. (United States)

Published in SPIE Proceedings Vol. 6242:
Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications 2006
Belur V. Dasarathy, Editor(s)

© SPIE.