Liu, C.
, Singhal, A.
and Wijesekera, D.
(2014),
A Model Towards Using Evidence from Security Events for Network Attack Analysis, WOSIS 2014, International Workshop on Security in Information Systems, Lisbon, PT, [online], https://doi.org/10.5220/0004980300830095, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=915771
(Accessed April 19, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A Model Towards Using Evidence from Security Events for Network Attack Analysis
Published
Author(s)
Changwei Liu, , Duminda Wijesekera
Abstract
Constructing an efficient and accurate model from security events to determine an attack scenario for an enterprise network is challenging. In this paper, we discuss how to use evidence obtained from security events to construct an attack scenario and build an evidence graph. To achieve the accuracy and completeness of the evidence graph, we use Prolog inductive and abductive reasoning to correlate evidence by reasoning the causality, and use an anti-forensics database and a corresponding attack graph to find the missing evidence. In addition, because the constructed scenario and supplied evidence might need to stand up in the court of law, the federal rules of evidence are also taken into account to predetermine the admissibility of the evidence.Proceedings Title
WOSIS 2014, International Workshop on Security in Information Systems
Conference Dates
April 27, 2014
Conference Location
Lisbon, PT
Pub Type
Conferences
Download Paper
Keywords
Attack Graph, Forensic Analysis, Evidence Graphs, Vulnerability Database, Inductive Reasoning, Admissibility
Citation
Created April 26, 2014, Updated October 12, 2021