Abstract: Efforts toward automated detection and identification of
multistep cyber attack scenarios would benefit significantly
from a methodology and language for modeling such scenarios.
The Correlated Attack Modeling Language (CAML)
uses a modular approach, where a module represents an inference
step and modules can be linked together to detect
multistep scenarios. CAML is accompanied by a library of
predicates, which functions as a vocabulary to describe the
properties of system states and events....
Cited by:
A Comprehensive Approach to Intrusion Detection Alert.. - Valeur, Vigna.. (2004)
Active bibliography (related documents):
0.6: The XenoService - A Distributed Defeat for Distributed.. - Yan, Early, Anderson
0.6: From Declarative Signatures to Misuse IDS - Pouzol, Ducassé (2001)
0.6: Techniques and Tools for Analyzing Intrusion Alerts - Ning, Cui, Reeves, Xu (2004)
Similar documents based on text:
0.3: Agile Monitoring for Cyber Defense - Doyle, Kohane, Long, Shrobe.. (2001)
0.2: Evaluating Intrusion Detection Systems: The 1998.. - Lippmann, Fried.. (2000)
0.2: Persistent Objects in the Fleet System - Malkhi, Reiter, Tulone, Ziskind (2001)
BibTeX entry:
S. Cheung, U. Lindqvist, and M. Fong, "Modeling Multistep Cyber Attacks for Scenario Recognition," Proc. DARPA Information Survivability Conf. and Exposition (DISCEX III), pp. 284-292, Apr. 2003. http://citeseer.ist.psu.edu/cheung03modeling.html
@misc{ cheung03modeling,
author = "S. Cheung and U. Lindqvist and M. Fong",
title = "Modeling Multistep Cyber Attacks for Scenario Recognition",
text = "S. Cheung, U. Lindqvist, and M. Fong, Modeling Multistep Cyber Attacks
for Scenario Recognition, Proc. DARPA Information Survivability Conf. and
Exposition (DISCEX III), pp. 284-292, Apr. 2003.",
year = "2003",
url = "citeseer.ist.psu.edu/cheung03modeling.html" }
Citations (may not include all citations):
2157: Design Patterns: Elements of Reusable Object-Oriented Softwa.. - Gamma, Helm et al. - 1995
1044: Maintaining knowledge about temporal intervals - Allen - 1983
249: Artificial Intelligence - Winston - 1977
132: EMERALD: Event monitoring enabling responses to anomalous li.. - Porras, Neumann - 1997
41: Experience with EMERALD to date - Neumann, Porras - 1999
40: Aggregation and correlation of intrusion-detection alerts - Debar, Wespi - 2001
39: Detecting computer and network misuse through the production.. - Lindqvist, Porras - 1999
38: Probabilistic alert correlation - Valdes, Skinner - 2001
36: Practical automated detection of stealthy portscans - Staniford, Hoagland et al. - 2002
32: STATL: An attack language for state-based intrusion detectio.. - Eckmann, Vigna et al. - 2002
24: Automated generation and analysis of attack graphs - Sheyner, Haines et al. - 2002
20: LAMBDA: A language to model a database for detection of atta.. - Cuppens, Ortalo - 2000
18: Intrusion Detection Message Exchange Format: Data Model and .. - Curry, Debar - 2002
17: requireprovide model computer attack - Levitt, model et al. - 2000
17: Smurf IP Denial-of-Service Attacks - Center - 1998
16: Using model checking to analyze network vulnerabilities - Ritchey, Ammann - 2000
15: A mission-impact-based approach to INFOSEC alarm correlation - Porras, Fong et al. - 2002
10: Mining alarm clusters to improve alarm handling efficiency - Julisch - 2001
8: Abstraction-based intrusion detection in distributed environ.. - Ning, Jajodia et al. - 2001
7: NetKuang--a multi-host configuration vulnerability checker - Zerkle, Levitt - 1996
7: Model-based analysis of configuration vulnerabilities - Ramakrishnan, Sekar - 2002
6: Information modeling for intrusion report aggregation - Goldman, Heimerdinger et al. - 2001
3: Distributed Denial of Service Tool - Center - 2000
3: Distributed Denial of Service Tools - Center - 1999
2: ADeLe: An attack description language for knowledge-based in.. - Michel - 2001
1: The inquisitive sensor: A tactical tool for system survivabi.. - Lindqvist - 2001
1: attacks using the Domain Name System - Emergency, Team et al. - 1999
1: Buffer Overflow In IIS Indexing Service DLL - Center - 2001
Documents on the same site (http://www.honeypots.net/ids/links):
Attacks at the Data Link Layer - Marro (2003)
A Data Level Database Inference Detection System - Yip (1998)
An Experience Developing an IDS Stimulator for the.. - Mutz, Vigna, Kemmerer (2003)