Proceedings Paper

Detection of complex cyber attacks
Author(s): Ian Gregorio-de Souza; Vincent H. Berk; Annarita Giani; George Bakos; Marion Bates; George Cybenko; Doug Madory
Format: PDF. Member price: $14.40; non-member price: $18.00.

Paper Abstract

One significant drawback to currently available security products is their inability to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.
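The two scenarios in the abstract (a root kit installed after password guessing, and exfiltration hidden behind a slow database server) can be illustrated with a small process-model tracker. This is an added example, not code from the paper or from any PQS implementation; the event format, the stage definitions and the events themselves are constructed assumptions.

```python
from collections import defaultdict

# Constructed events: (source, host, event kind, value). In a real deployment these
# would be normalized from NIDS/HIDS alerts, auth logs and resource monitors.
EVENTS = [
    ("auth", "db01", "login_failed", "alice"),
    ("auth", "db01", "login_failed", "alice"),
    ("auth", "db01", "login_failed", "alice"),
    ("auth", "db01", "login_ok", "alice"),
    ("perf", "db01", "db_latency_ms", 900),
    ("hids", "db01", "file_changed", "/sbin/init"),
    ("nids", "db01", "outbound_bytes", 8_000_000),
    ("perf", "web01", "db_latency_ms", 40),
]

def need(kind, count=1, min_value=None):
    """One model stage: satisfied after `count` events of `kind`
    (optionally only counting events whose value is >= min_value)."""
    return (kind, count, min_value)

# Hypothetical process models: an ordered list of stages per multistage attack.
MODELS = {
    "weak-credentials-then-rootkit": [
        need("login_failed", count=3),   # password guessing (auth log)
        need("login_ok"),                # a guess succeeds (auth log)
        need("file_changed"),            # system binary replaced (HIDS)
    ],
    "exfiltration-behind-db-slowdown": [
        need("db_latency_ms", min_value=500),        # DB responses degrade (monitor)
        need("outbound_bytes", min_value=1_000_000), # bulk transfer leaves (NIDS)
    ],
}

def correlate(events, models):
    """Track each (model, host) pair through its stages; return completed tracks in
    the order they completed. Events from any sensor can advance a track."""
    progress = defaultdict(lambda: [0, 0])  # (model, host) -> [stage, hits]
    completed = []
    for _source, host, kind, value in events:
        for name, stages in models.items():
            stage, hits = progress[(name, host)]
            if stage >= len(stages):
                continue                     # already detected on this host
            want_kind, want_count, min_value = stages[stage]
            if kind != want_kind or (min_value is not None and value < min_value):
                continue
            hits += 1
            if hits >= want_count:           # stage satisfied, move to the next
                stage, hits = stage + 1, 0
            progress[(name, host)] = [stage, hits]
            if stage == len(stages):
                completed.append((name, host))
    return completed
```

Feeding only one sensor's events (for example the NIDS alone) completes neither track, which is the single-source blind spot the abstract describes.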

Paper Details

Date Published: 10 May 2006
PDF: 9 pages
Proc. SPIE 6201, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense V, 620106 (10 May 2006); doi: 10.1117/12.670131
Author affiliations:
Ian Gregorio-de Souza, Dartmouth College (United States)
Vincent H. Berk, Dartmouth College (United States)
Annarita Giani, Dartmouth College (United States)
George Bakos, Dartmouth College (United States)
Marion Bates, Dartmouth College (United States)
George Cybenko, Dartmouth College (United States)
Doug Madory, Dartmouth College (United States)


Published in SPIE Proceedings Vol. 6201:
Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense V
Edward M. Carapezza, Editor(s)

© SPIE.