Visible to the public Detecting Monitor Compromise using Evidential ReasoningConflict Detection Enabled

TitleDetecting Monitor Compromise using Evidential Reasoning
Publication TypePresentation
Year of Publication2018
AuthorsUttam Thakore, University of Illinois at Urbana-Champaign, Ahmed Fawaz, University of Illinois at Urbana-Champaign, William H. Sanders, University of Illinois at Urbana-Champaign
Keywordsevidential reasoning, Intrusion detection, machine learning, Monitoring, Fusion, and Response for Cyber Resilience, NSA SoS Lablets Materials, Resilient Architectures, science of security, security, UIUC
Abstract

Stealthy attackers often disable or tamper with system monitors to hide their tracks and evade detection. In this poster, we present a data-driven technique to detect such monitor compromise using evidential reasoning. Leveraging the fact that hiding from multiple, redundant monitors is difficult for an attacker, to identify potential monitor compromise, we combine alerts from different sets of monitors by using Dempster-Shafer theory, and compare the results to find outliers. We describe our ongoing work in this area.

Citation Keynode-54926

Other available formats:

Detecting Monitor Compromise Using Evidential Reasoning