Projection of Multi-Stage Cyber Attack Based on Belief Model and Fuzzy Inference

Authors

1 Associate Professor, Information Integration Science and Technology Research Center, Malik Ashtar University of Technology, Tehran, Iran

2 PhD student, Information Integration Science and Technology Research Center, Malik Ashtar University of Technology, Tehran, Iran

3 Assistant Professor, New Technologies Engineering Faculty, Amol University of New Technologies, Amol, Iran

Abstract

Determining the plausible future of ongoing cyber attacks enables the security analyst to make the
best defense decisions based on the achieved plausibility level. To obtain the plausibility level of a
situation, situational estimation and high-level information fusion are used. In high-level information
fusion, four components of projection (behaviour, capability, opportunity and intent) are used for
situation awareness of the future and impact assessment of cyber attacks.
Almost all models used for projecting multi-stage cyber attacks assume that the four
components are independent of each other in order to simplify implementation. Thus, they ignore the
impact of the components on each other and their combined ability in projecting multi-stage cyber
attacks. In this paper, we present a scheme based on a belief model and fuzzy inference. Finally,
the scheme is evaluated using a valid dataset, high-stealth attacks, and high-impact and low-impact
attacks. The simulation results for the defined scenarios show an increase in accuracy in projecting
multi-stage cyber attacks.

Volume 3, Issue 2 - Serial Number 2
January 2020
Pages 13-28
  • Receive Date: 08 December 2014
  • Revise Date: 21 June 2023
  • Accept Date: 19 September 2018
  • Publish Date: 23 July 2015