A Collaborative Tool for Modelling Multi-stage Attacks

Ian Herwono, Fadi Ali El-Moussa

2017

Abstract

Cyber-attacks that are conducted in multiple stages over short or long periods of time are becoming more common. One approach for detecting such attacks at an early stage is to make use of attack patterns and attack signatures to provide a structure for correlating events collected from various sensors in the network. In this paper, we present our ongoing work on a pattern recognition system that aims to support cyber-defence analysts in sharing their attack knowledge and threat intelligence in the form of attack patterns or scenarios that can later be used to discover potential security breaches in their network. Our main goal is to allow the analysts to associate the attack patterns with their own organisation’s security data and thus benefit from the collective attack knowledge without revealing any confidential information. We present the architecture of the system and describe a typical process for modelling multi-stage attacks. We demonstrate how its analytics engine interprets an attack pattern, tasks the data source agents to fetch and correlate relevant security events, and reports the results back for visualisation and further investigation.


Paper Citation


in Harvard Style

Herwono I. and El-Moussa F. (2017). A Collaborative Tool for Modelling Multi-stage Attacks. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 312-317. DOI: 10.5220/0006137103120317

in Bibtex Style

@conference{icissp17,
author={Ian Herwono and Fadi Ali El-Moussa},
title={A Collaborative Tool for Modelling Multi-stage Attacks},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2017},
pages={312-317},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006137103120317},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Collaborative Tool for Modelling Multi-stage Attacks
SN - 978-989-758-209-7
AU - Herwono I.
AU - El-Moussa F.
PY - 2017
SP - 312
EP - 317
DO - 10.5220/0006137103120317