
A Model Towards Using Evidence from Security Events for Network Attack Analysis

Published

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Abstract

Constructing an efficient and accurate model from security events to determine the attack scenario in an enterprise network is challenging. In this paper we discuss how to use evidence obtained from security events to construct an attack scenario and build an evidence graph. To achieve accuracy and completeness of the evidence graph, we use Prolog inductive and abductive reasoning to correlate evidence by reasoning about causality, and use an anti-forensics database together with a corresponding attack graph to find missing evidence. In addition, because the constructed scenario and the supporting evidence might need to stand up in a court of law, the Federal Rules of Evidence are also taken into account to predetermine the admissibility of the evidence.
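The abstract describes two reasoning steps: inductive correlation of observed events into a causal evidence graph, and abductive filling of gaps using an attack graph so that evidence removed by anti-forensics can be hypothesized and then sought. The following Python sketch is an added illustration of that workflow; it is not the authors' Prolog model, and the events, the attack graph, the rule set and the "fully observed" check are all constructed for the example. Forward chaining over a handful of hand-written rules stands in for Prolog's inductive reasoning, and the gap-filling heuristic stands in for abduction. The sample log contains no exploit alert between the scan and the lateral connection, standing in for an IDS log wiped by the attacker.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int
    kind: str           # "alert", "conn" or "netflow"
    src: str
    dst: str
    sig: str            # alert signature or flow label
    hypothesized: bool = False   # True only for abduced (not observed) events


# Constructed sample events (not real data). No "exploit" alert exists between
# the port scan and the lateral connection: this models evidence removed by
# anti-forensics, e.g. a deleted IDS log.
EVENTS = [
    Event(100, "alert",   "attacker", "web",      "portscan"),
    Event(230, "conn",    "web",      "db",       "lateral"),
    Event(240, "netflow", "db",       "attacker", "large_outbound"),
]

# Hypothetical attack graph: ordered attacker steps and the event that would
# evidence each step. A real deployment would generate this from the network.
ATTACK_GRAPH = [
    ("scan",    "alert",   "portscan"),
    ("exploit", "alert",   "exploit"),
    ("lateral", "conn",    "lateral"),
    ("exfil",   "netflow", "large_outbound"),
]


def matches(e, step):
    _, kind, sig = step
    return e.kind == kind and e.sig == sig


def correlate(events):
    """Inductive step: forward-chain correlation rules to a fixpoint.
    Returns the evidence graph as {derived fact: [premises]}, where a premise
    is an Event or an earlier derived fact."""
    graph = {}
    changed = True
    while changed:
        changed = False
        for e in sorted(events, key=lambda x: x.ts):
            new = []
            if e.kind == "alert" and e.sig == "portscan":
                new.append((("scan", e.src, e.dst), [e]))
            if e.kind == "alert" and e.sig == "exploit":
                new.append((("compromised", e.dst, e.src), [e]))
            if e.kind == "conn" and e.sig == "lateral":
                # compromised(H2, A) :- compromised(H1, A), conn(H1 -> H2)
                for f in list(graph):
                    if f[0] == "compromised" and f[1] == e.src:
                        new.append((("compromised", e.dst, f[2]), [f, e]))
            if e.kind == "netflow" and e.sig == "large_outbound":
                # exfiltration(H, A) :- compromised(H, A), netflow(H -> A)
                for f in list(graph):
                    if f[0] == "compromised" and f[1] == e.src and f[2] == e.dst:
                        new.append((("exfiltration", e.src, e.dst), [f, e]))
            for fact, premises in new:
                if fact not in graph:
                    graph[fact] = premises
                    changed = True
    return graph


def abduce_missing(events, attack_graph):
    """Abductive step (heuristic, constructed for this example): for a single
    attack-graph step with no supporting event whose neighbouring steps are
    both evidenced in time order, hypothesize the missing event between them.
    The hypothesis links the previous step's source to the host that acted
    next, and is flagged so it can be checked against the anti-forensics
    database rather than treated as observed evidence."""
    found = {}
    for i, step in enumerate(attack_graph):
        ev = [e for e in events if matches(e, step)]
        if ev:
            found[i] = min(ev, key=lambda x: x.ts)
    hyps = []
    for i, (_, kind, sig) in enumerate(attack_graph):
        if i in found or i == 0 or i == len(attack_graph) - 1:
            continue
        if (i - 1) in found and (i + 1) in found:
            before, after = found[i - 1], found[i + 1]
            if before.ts < after.ts:
                hyps.append(Event((before.ts + after.ts) // 2, kind,
                                  before.src, after.src, sig, hypothesized=True))
    return hyps


def build_evidence_graph(events, attack_graph):
    hyps = abduce_missing(events, attack_graph)
    return correlate(list(events) + hyps), hyps


def fully_observed(fact, graph):
    """True if every leaf of the derivation is an observed event. Facts that
    rest on a hypothesized event need corroboration before any admissibility
    question is even considered (placeholder, not a legal test)."""
    for p in graph[fact]:
        if isinstance(p, Event):
            if p.hypothesized:
                return False
        elif not fully_observed(p, graph):
            return False
    return True
```

Run on the constructed events, `correlate(EVENTS)` alone stops at the scan, because no exploit alert exists to chain into the lateral movement. `build_evidence_graph` abduces an exploit alert from attacker to web and the chain then completes through to exfiltration from db, but `fully_observed` reports that the exfiltration fact rests on a hypothesis, which is exactly the evidence an investigator must go and recover (or explain) before the scenario is presented as proven.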
Proceedings Title
WOSIS 2014, International Workshop on Security in Information Systems
Conference Dates
April 27, 2014
Conference Location
Lisbon, PT

Keywords

Attack Graph, Forensic Analysis, Evidence Graphs, Vulnerability Database, Inductive Reasoning, Admissibility

Citation

Liu, C. , Singhal, A. and Wijesekera, D. (2014), A Model Towards Using Evidence from Security Events for Network Attack Analysis, WOSIS 2014, International Workshop on Security in Information Systems, Lisbon, PT, [online], https://doi.org/10.5220/0004980300830095, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=915771 (Accessed October 8, 2025)

Created April 26, 2014, Updated October 12, 2021