Projection of Multi-Stage Cyber Attacks Based on the Transferable Belief Model and Fuzzy Inference

Authors

1 Associate Professor, Information Integration Science and Technology Research Center, Malik Ashtar University of Technology, Tehran, Iran

2 PhD student, Information Integration Science and Technology Research Center, Malik Ashtar University of Technology, Tehran, Iran

3 Assistant Professor, New Technologies Engineering Faculty, Amol University of New Technologies, Amol, Iran

Abstract

In a cyber situational awareness system, the security analyst can make the most appropriate defensive decisions based on the degree of plausibility obtained about the future situation. In this system, the plausibility of a situation is obtained from situation estimation and high-level information fusion. At present, the most challenging issue in high-level information fusion for achieving awareness of the future situation and assessing the impact of cyber attacks is modeling attack projection with the four projection components: behaviour, opportunity, capability and intent. Most previous schemes and algorithms for projection modeling assumed these four components to be independent in order to simplify implementation of the model, and in practice ignored the influence of the components on one another and the power of combining them in projecting multi-stage cyber attacks. This paper presents a new scheme based on the fuzzy combination of the projection components and the transferable belief model. With this scheme, the next targets of a multi-stage cyber attack can be projected effectively and a suitable estimate of their plausibility can be given. Finally, the proposed scheme was evaluated using a valid dataset, on high-noise attacks, stealthy attacks, and high-impact and low-impact attacks. For the defined scenarios, the simulation results show an average 17 percent increase in accuracy in projecting multi-stage cyber attacks.

Keywords


Article title [English]

Projection of Multi-Stage Cyber Attack Based on Belief Model and Fuzzy Inference

Authors [English]

  • Ali Jabbar Rashidi 1
  • Kourosh Dadashtabar Ahmadi 2
  • Farid Samsami Khodadad 3
1 Associate Professor, Information Integration Science and Technology Research Center, Malik Ashtar University of Technology, Tehran, Iran
2 PhD student, Information Integration Science and Technology Research Center, Malik Ashtar University of Technology, Tehran, Iran
3 Assistant Professor, New Technologies Engineering Faculty, Amol University of New Technologies, Amol, Iran
Abstract [English]

Determining the plausible future of ongoing cyber attacks enables the security analyst to make the
best defense decisions based on the achieved plausibility level. To achieve the plausibility level of a
situation, situational estimation and high-level information fusion are used. In high-level information
fusion, for situation awareness of the future and impact assessment of cyber attacks, the four components
of projection (behaviour, capability, opportunity and intent) are used.
Almost all of the models used for projecting multi-stage cyber attacks assume the four
components to be independent of each other to simplify the implementation. Thus, they ignore the
impact of the components on each other and their combination ability in projecting multi-stage cyber
attacks. In this paper, we present a scheme based on the belief model and fuzzy inference. Finally,
the scheme has been evaluated using a valid dataset, high-stealth attacks, and high-impact and
low-impact attacks. The simulation results for the defined scenarios show an accuracy increase in projecting
multi-stage cyber attacks.

Keywords [English]

  • Situational Awareness
  • Cyber Attack
  • Cyber Defense
  • Belief Model
  • Fuzzy Inference