• DocumentCode
    1591888
  • Title

    Enlisting event patterns for cyber battlefield awareness

  • Author

    Perrochon, Louis ; Jang, Eunhei ; Kasriel, Stephane ; Luckham, David C.

  • Author_Institution
    Stanford Univ., CA, USA
  • Volume
    2
  • fYear
    2000
  • fDate
    6/22/1905 12:00:00 AM
  • Firstpage
    411
  • Abstract
    Cyber warfare consists to a large degree of reaction to activities happening in the information infrastructure. Better knowledge of the status of this infrastructure at any time allows more appropriate reactions. Context-based event correlation can provide a more appropriate view of the cyber battlefield by providing users a view on the desired level of abstraction. We informally introduce context as the temporal and causal relations between events. Event correlation based on event patterns in a declarative language means we specify what to detect, instead of how to detect. We describe the Stanford University context-based event correlator that is able to process events on-line, as they are generated. It can be reconfigured dynamically while it is running. On the example of intrusion detection, we show how Complex Event Processing (CEP) increases detection rate, reduces false alarms, and detects large-scale attack patterns at an early stage.
  • Keywords
    computer network management; security of data; supervisory programs; Stanford University context-based event correlator; context-based event correlation; cyber battlefield awareness; cyber warfare; declarative language; event patterns; information infrastructure; intrusion detection; large-scale attack patterns; Arm; Computer crime; Computer networks; Computer security; Data security; Ear; Event detection; IP networks; Intrusion detection; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
  • Conference_Location
    Hilton Head, SC
  • Print_ISBN
    0-7695-0490-6
  • Type

    conf

  • DOI
    10.1109/DISCEX.2000.821538
  • Filename
    821538