Steven Templeton and Karl Levitt. A requires/provides model for computer attacks. In Proceedings of the New Security Paradigms Workshop, Cork, Ireland, 2000.
....users or learned through training datasets. Obviously, these methods are restricted to known attack scenarios. A variation in this class uses a consequence mechanism to specify what types of attacks may follow a given attack, partially addressing this problem [8]. The third class (e.g. JIGSAW [18]) is based on the preconditions and consequences of individual attacks; it correlates alerts if the precondition of some later alerts are satisfied by the consequences of some earlier alerts. Compared with the first two classes of methods, this class can potentially uncover the causal relationship ....
....by the consequences of some earlier alerts. Compared with the first two classes of methods, this class can potentially uncover the causal relationship between alerts, and is not restricted to known attack scenarios. Please see Section 5 for more related work. To our best knowledge, JIGSAW [18] is the only published result that falls into the third class. It was originally proposed to represent complex attacks, and the authors envisaged to apply it to correlate intrusion alerts. However, several problems make it difficult for JIGSAW to be a practical alert correlation technique. ....
[Article contains additional citation context not shown here]
S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of New Security Paradigms Workshop, pages 31 -- 38. ACM Press, September 2000.
.... These include N-code used in Network Flight Recorder [55], P-BEST used in SRI's EMERALD [36], RUSSEL used in ASAX [20], SNP-L [68], GASSATA [43], the language used in IDIOT [9, 34, 33], the language used in Bro [51], the language used in Snort [56, 62], parallel environment grammars [32], JIGSAW [67], REE [59, 60] and ASL [58]. Correlation languages describe the relations among separate events, possibly detected by a detection language, and attempt to reason abstract meaningful events from them. Examples of correlation languages are Honeywell's ARGUS [2], SRI's eBayes [69], STATL [13] ....
S. J. Templeton and K. Levitt. A Requires/Provides Model for Computer Attacks. In Proceedings of the New Security Paradigms Workshop 2000.
....example, an hypothesis, explaining the perpetrator's method and activities, would be identified, and alternative explanations ruled out. The attacker's method and activities may be modeled on experience with other attackers. Such a model may be based upon attack modeling languages such as JIGSAW [40] and techniques of automated diagnosis [13]. 6.2.3 Model of attacker. Various attackers will leave different traces of their activity, but classes of attacks will have common characteristics. By having a model of the attacker, the evidence may lead to the attacker's intentions and to where other ....
Steven J. Templeton and Karl Levitt. A requires/provides model for computer attacks. In Proceedings of the New Security Paradigms Workshop, Cork Ireland, Sept. 19-21, 2000.
No context found.
Templeton, S. and Levitt, K. 2000. A requires/provides model for computer attacks. In Proceedings of New Security Paradigms Workshop. ACM Press, 31 -- 38.
No context found.
S. J. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of the 2000.
No context found.
S. J. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of the New Security Paradigms Workshop, Cork Ireland, Sept. 19-21, 2000.
No context found.
Steven Templeton and Karl Levitt. A requires/provides model for computer attacks. In Proceedings of the New Security Paradigms Workshop, Cork, Ireland, 2000.
No context found.
S.J. Templeton and K. Levitt, "A Requires/Provides Model for Computer Attacks," Proc. New Security Paradigms Workshop, pp. 31-38, Sept. 2000.
No context found.
S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proc. of New Security Paradigms Workshop, pages 31--38. September 2000.
No context found.
S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of New Security Paradigms Workshop, pages 31 -- 38. ACM Press, September 2000.
No context found.
S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of New Security Paradigms Workshop, pages 31 -- 38. ACM Press, September 2000.
No context found.
S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of New Security Paradigms Workshop, pages 31 -- 38. ACM Press, September 2000.
No context found.
Templeton, S., Levitt, K.: A requires/provides model for computer attacks. In: Proceedings of New Security Paradigms Workshop, ACM Press (2000) 31 -- 38
No context found.
S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proc. of New Security Paradigms Workshop, pages 31 -- 38. September 2000.
No context found.
S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of New Security Paradigms Workshop, pages 31 -- 38. ACM Press, September 2000.
No context found.
Templeton, S., Levitt, K.: A requires/provides model for computer attacks. In: Proceedings of New Security Paradigms Workshop, ACM Press (2000) 31 -- 38
No context found.
S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proc. of New Security Paradigms Workshop, pages 31 -- 38. September 2000.