
A Model Towards Using Evidence from Security Events for Network Attack Analysis

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Abstract

Constructing an efficient and accurate model from security events to determine the attack scenario in an enterprise network is challenging. In this paper, we discuss how to use evidence obtained from security events to construct an attack scenario and build an evidence graph. To make the evidence graph accurate and complete, we use Prolog inductive and abductive reasoning to correlate evidence by reasoning about causality, and use an anti-forensics database together with a corresponding attack graph to locate missing evidence. In addition, because the constructed scenario and the supplied evidence may need to stand up in a court of law, the Federal Rules of Evidence are also taken into account to pre-determine the admissibility of the evidence.
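The abstract describes three mechanisms working together: inductive reasoning that chains observed events forward along causal rules, abductive reasoning that works backward from an observed outcome to the conditions an attack path must have satisfied, and an admissibility filter applied before reasoning. The following Python sketch is an added illustration written for this page, not the authors' Prolog model or any NIST code. The attack-graph rules, predicate names, evidence items and the `admissible` flag are all constructed for the example; a real deployment would draw the rules from a vulnerability/attack-graph database and the admissibility decision from a legal review, not from a boolean in a dictionary.

```python
"""Added example (not the paper's code): build a small evidence graph from
security events by forward chaining (inductive step) over an attack graph and
backward chaining from the observed outcome (abductive step) to name the
evidence that is still missing on the attack path."""

# Constructed attack graph: "if every precondition holds, the attacker can
# reach the postcondition". Predicate and step names are hypothetical.
ATTACK_RULES = [
    {"step": "exploit_web_app",  "pre": {"reach(web)"},                 "post": "code_exec(web)"},
    {"step": "pivot_to_db",      "pre": {"code_exec(web)", "vuln(db)"}, "post": "code_exec(db)"},
    {"step": "dump_customer_db", "pre": {"code_exec(db)"},              "post": "data_exfil(db)"},
]

# Constructed evidence items: one per security event, mapped to the predicate
# it attests to. `admissible` stands in for the Federal Rules of Evidence
# review the abstract mentions; E5 is an unrecorded recollection and is dropped.
EVIDENCE = [
    {"id": "E1", "source": "IDS alert: exploit attempt against web app",     "supports": "reach(web)",     "admissible": True},
    {"id": "E2", "source": "web server log: unexpected script file created", "supports": "code_exec(web)", "admissible": True},
    {"id": "E3", "source": "scanner report: unpatched service on db host",   "supports": "vuln(db)",       "admissible": True},
    {"id": "E4", "source": "netflow: large transfer from db host to external", "supports": "data_exfil(db)", "admissible": True},
    {"id": "E5", "source": "analyst recollection: db audit log looked wiped", "supports": "code_exec(db)",  "admissible": False},
]


def inductive_closure(facts, rules):
    """Forward-chain: add every postcondition whose preconditions are all
    established, until nothing new can be derived."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for rule in rules:
            if rule["post"] not in known and rule["pre"] <= known:
                known.add(rule["post"])
                changed = True
    return known


def abduce(goal, rules):
    """Backward-chain from the goal: return the predicates an attack path to
    the goal requires and the attack steps in causal order. A predicate no
    rule produces is a leaf (an initial condition that must be observed)."""
    required, steps = {goal}, []
    rule = next((r for r in rules if r["post"] == goal), None)
    if rule is None:
        return required, steps
    for pre in sorted(rule["pre"]):
        sub_required, sub_steps = abduce(pre, rules)
        required |= sub_required
        steps += [s for s in sub_steps if s not in steps]
    steps.append(rule["step"])
    return required, steps


def build_evidence_graph(evidence, rules, goal):
    """Correlate admissible evidence into an evidence graph for `goal` and
    separate what is observed, what is only causally inferred, and what the
    attack path needs but nothing supports (where anti-forensics or gaps in
    collection should be investigated)."""
    admissible = [e for e in evidence if e["admissible"]]
    observed = {e["supports"] for e in admissible}
    required, steps = abduce(goal, rules)
    derived = inductive_closure(observed, rules)
    missing = required - observed
    by_step = {r["step"]: r for r in rules}
    # Causal edge: a step's postcondition is a precondition of a later step.
    edges = [(a, b) for a in steps for b in steps
             if by_step[a]["post"] in by_step[b]["pre"]]
    return {
        "steps": steps,
        "edges": edges,
        "inferred": sorted(missing & derived),     # no event, but implied by the chain
        "unexplained": sorted(missing - derived),  # the chain breaks here; look for lost evidence
        "supporting_events": {
            p: [e["id"] for e in admissible if e["supports"] == p]
            for p in sorted(required & observed)
        },
    }


if __name__ == "__main__":
    graph = build_evidence_graph(EVIDENCE, ATTACK_RULES, "data_exfil(db)")
    for key, value in graph.items():
        print(f"{key}: {value}")
```

With the full evidence set the graph reaches the exfiltration goal with `code_exec(db)` marked as inferred rather than observed, because the only item attesting to it (E5) was filtered out as inadmissible; removing E3 as well breaks the chain, and both `vuln(db)` and `code_exec(db)` appear under `unexplained`, which is the list an investigator would take to the anti-forensics database and the attack graph to decide where evidence may have been destroyed or never collected.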
Proceedings Title
WOSIS 2014, International Workshop on Security in Information Systems
Conference Dates
April 27, 2014
Conference Location
Lisbon, PT

Keywords

Attack Graph, Forensic Analysis, Evidence Graphs, Vulnerability Database, Inductive Reasoning, Admissibility

Citation

Liu, C. , Singhal, A. and Wijesekera, D. (2014), A Model Towards Using Evidence from Security Events for Network Attack Analysis, WOSIS 2014, International Workshop on Security in Information Systems, Lisbon, PT, [online], https://doi.org/10.5220/0004980300830095, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=915771 (Accessed February 27, 2024)
Created April 26, 2014, Updated October 12, 2021