Share Email Print

Proceedings Paper

VTAC: virtual terrain assisted impact assessment for cyber attacks
Format Member Price Non-Member Price
PDF $17.00 $21.00

Paper Abstract

Overwhelming intrusion alerts have made timely response to network security breaches a difficult task. Correlating alerts to produce a higher level view of intrusion state of a network, thus, becomes an essential element in network defense. This work proposes to analyze correlated or grouped alerts and determine their 'impact' to services and users of the network. A network is modeled as 'virtual terrain' where cyber attacks maneuver. Overlaying correlated attack tracks on virtual terrain exhibits the vulnerabilities exploited by each track and the relationships between them and different network entities. The proposed impact assessment algorithm utilizes the graph-based virtual terrain model and combines assessments of damages caused by the attacks. The combined impact scores allow to identify severely damaged network services and affected users. Several scenarios are examined to demonstrate the uses of the proposed Virtual Terrain Assisted Impact Assessment for Cyber Attacks (VTAC).

Paper Details

Date Published: 17 March 2008
PDF: 12 pages
Proc. SPIE 6973, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008, 69730F (17 March 2008); doi: 10.1117/12.777291
Show Author Affiliations
Brian J. Argauer, Rochester Institute of Technology (United States)
Shanchieh Jay Yang, Rochester Institute of Technology (United States)

Published in SPIE Proceedings Vol. 6973:
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008
William J. Tolone; William Ribarsky, Editor(s)

© SPIE. Terms of Use
Back to Top
Sign in to read the full article
Create a free SPIE account to get access to
premium articles and original research
Forgot your username?