Title :
Attack scenario recognition through heterogeneous event stream analysis
Author :
Mathew, Sunu ; Upadhyaya, Shambhu
Author_Institution :
Dept. of Comput. Sci. & Eng., State Univ. of New York at Buffalo, Buffalo, NY, USA
Abstract :
Stealthy, goal-oriented multistage attacks are difficult to detect since they often consist of specific attack steps that do not cause significant variations in the statistical distributions of data streams. We present an approach for attack scenario detection and recognition that is based on analyzing data streams from multiple heterogeneous sensors. Events captured from these sensors are used to generate high-dimensional state vectors that characterize overall system-wide activity. Monitoring the time series of these state vectors through principal component analysis forms the basis of an anomaly detection technique for real-time scenario detection. Data traffic from a real network that emulates a military intelligence network is used to test and validate this approach. Results indicate that our approach is effective and has low computational requirements, making it a candidate for practical implementation.
Keywords :
military computing; principal component analysis; security of data; anomaly detection technique; attack scenario recognition; data streams; data traffic; goal-oriented multistage attacks; heterogeneous event stream analysis; high-dimensional state vectors; military intelligence network; real-time scenario detection; statistical distributions; Character generation; Data analysis; Intelligent sensors; Military computing; Monitoring; Principal component analysis; Sensor phenomena and characterization; Sensor systems; Statistical distributions; Telecommunication traffic
Conference_Title :
Military Communications Conference, 2009. MILCOM 2009. IEEE
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4244-5238-5
Electronic_ISBN :
978-1-4244-5239-2
DOI :
10.1109/MILCOM.2009.5379763