Proceedings Paper

Multisource evidence fusion for cyber-situation assessment
Author(s): Bikash Sabata; Chester Ornes

Paper Abstract

Novel methods of detecting cyber attacks on networks have been developed that are able to detect an increasingly diverse variety of malicious cyber-events. However, this has only resulted in additional information burden on the network analyst. The integration of the distributed evidence from multiple sources is missing or ad hoc at best. Only with the fusion of the multi-source evidence can we reason at a higher semantic level to detect and identify attacks and attackers. Further, integration at a higher semantic level will reduce the cognitive load on the security officer and will make reasonable responses possible. This paper presents an overview of the D-Force system, which uses a Bayesian Evidential Framework for fusing the multi-source evidence in a network to detect and recognize attacks. Attack hypotheses are generated as a result of evidence at the different network and host sensors. The hypotheses are verified or denied with additional evidence. Based on our initial experiments and tests, the D-Force system promises to be a powerful tool in the information security officer's arsenal.

Paper Details

Date Published: 18 April 2006
PDF: 9 pages
Proc. SPIE 6242, Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications 2006, 624201 (18 April 2006); doi: 10.1117/12.663436
Bikash Sabata, Aginova Inc. (United States)
Chester Ornes, Information Extraction and Transport, Inc. (United States)

Published in SPIE Proceedings Vol. 6242:
Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications 2006
Belur V. Dasarathy, Editor(s)

© SPIE