Visible to the public An Experiement Using Factor Graph for Early Attack DetectionConflict Detection Enabled

TitleAn Experiement Using Factor Graph for Early Attack Detection
Publication TypeThesis
Year of Publication2015
AuthorsPhuong Cao, University of Illinois at Urbana-Champaign
Academic DepartmentComputer Science
UniversityUniversity of Illinois at Urbana-Champaign
CityUrbana, IL
Thesis TypeMaster of Science
KeywordsFrom Measurements to Security Science: Data-Driven Approach, NSA SoS Lablets Materials, science of security, UIUC
Abstract

This paper presents a factor graph based framework (namely AttackTagger) for high accuracy and preemptive detection of attacks. We use security logs on real-incidents that occurred over a six-year period at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign to evaluate AttackTagger. Our data consist of attacks that led directly to the target system being compromised, i.e., not detected in advance, either by the security analysts or by intrusion detection systems. AttackTagger detected 74 percent of attacks, a vast majority of them were detected before the system misuse. AttackTagger uncovered six hidden attacks that were not detected by security analysts.

Citation Keynode-32258

Other available formats:

An Experiment Using Factor Graph for Early Attack Detection