A new architecture for impact projection of cyber-attacks based on high-level information fusion in cyber command and control

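Authors

1 PhD student, Malik Ashtar University of Technology

2 Associate Professor, Electrical and Electronics University Complex, Malik Ashtar University of Technology

3 Assistant Professor, University Complex of Information Technology, Communication and Security, Malik Ashtar University of Technology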

Abstract

Efficient and stable command and control networks have appropriate security management and policies and are equipped with strong security components. In such networks, even professional attackers need to carry out coordinated, multi-stage attacks in order to gain access to sensitive files or to compromise entities such as hosts, users, services and the network core. Therefore, by using information fusion and impact projection of multi-stage cyber-attacks, interruption of network operations and loss of important data can be prevented at the very early stages. In this paper, while presenting a new architecture for impact projection of cyber-attacks, it is shown, by simulating different patterns of this architecture in a simulation environment dedicated to stochastic processes, how this architecture improves cyber situational awareness through the use of high-level information fusion.

Keywords


Article title [English]

A new architecture for impact projection of cyber-attacks based on high level information fusion in cyber command and control

Authors [English]

  • Koroush Dadash Tabar Ahmadi 1
  • Ali Jabbar Rashidi 2
  • Mortaza Barari 3
1 PhD student, Malik Ashtar University of Technology
2 Associate Professor, Electrical and Electronics University Complex, Malik Ashtar University of Technology
3 Assistant Professor, University Complex of Information Technology, Communication and Security, Malik Ashtar University of Technology
Abstract [English]

Efficient and sustainable command and control networks have appropriate management and security
policies and strong security components. In this kind of network, even professional attackers need to
carry out multi-stage attacks in order to access sensitive files or to compromise entities such as host,
user, service and network. Therefore, by using multi-stage information fusion and impact projection of
cyber-attacks, it is possible to prevent interruption of network tasks and loss of important data at their
very early stages. In this paper, while providing a new architecture for the impact projection of
cyber-attacks, it is shown, by simulating different patterns of this architecture in a simulation
environment specified for random processes, how this architecture improves cyber situational awareness
through the use of high-level information fusion.

Keywords [English]

  • Information Fusion
  • Situational Awareness
  • Cyber Defense
  • Impact Projection