Abstract
We describe a computer network attack model with two novel features: it uses a very flexible action representation, the situation calculus, and it uses goal-directed procedure invocation to simulate intelligent, reactive attackers. Using the situation calculus, our simulator can project the results of actions with complex preconditions and context-dependent effects. We have extended the Golog situation calculus programming language with goal-directed procedure invocation. With goal-directed invocation one can express attacker plans like “first attain root privilege on a host trusted by the target, and then exploit the trust relationship to escalate privilege on the target.” Our simulated attackers choose among methods that can achieve goals, and react to failures appropriately, by persistence, choosing alternate means of goal achievement, and/or abandoning goals. We have designed a stochastic attack simulator and built enough of its components to simulate goal-directed attack on a network.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Goldman, R.P. (2002). A Stochastic Model for Intrusions. In: Wespi, A., Vigna, G., Deri, L. (eds) Recent Advances in Intrusion Detection. RAID 2002. Lecture Notes in Computer Science, vol 2516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36084-0_11
DOI: https://doi.org/10.1007/3-540-36084-0_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00020-4
Online ISBN: 978-3-540-36084-1
eBook Packages: Springer Book Archive