
Attack Pattern Recognition Through Correlating Cyber Situational Awareness in Computer Networks

Chapter in: Cyberpatterns

Abstract

There is no denying that communication networks, and the Internet in particular, have changed our lives in many ways. Organizations and businesses benefit greatly, but at the same time their communication networks face many challenges, such as cyber-attacks, which can result in disruption of services and large financial losses. Resilience of these networks against cyber-attacks is therefore of growing interest in the cyber security community. In this paper, we propose a framework for attack pattern recognition that collects and correlates cyber situational information vertically across protocol levels and horizontally along the end-to-end network path. This helps to analyze cyber challenges from different viewpoints and to develop effective countermeasures.


Notes

  1. Information Warfare Monitor, Tracking GhostNet: Investigating a Cyber Espionage Network. March 29, 2009. http://www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/

  2. MITRE manages federally funded research and development centers (FFRDCs), partnering with government sponsors to support their crucial operational missions. CAPEC and CybOX are managed by MITRE: http://www.mitre.org/

  3. ResumeNet: http://comp.lancs.ac.uk/resilience/


Acknowledgments

This research is partially supported by the EPSRC funded India-UK Advanced Technology Centre in Next Generation Networking.

Author information

Corresponding author: Noor-ul-hassan Shirazi


Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Shirazi, N., Schaeffer-Filho, A., Hutchison, D. (2014). Attack Pattern Recognition Through Correlating Cyber Situational Awareness in Computer Networks. In: Blackwell, C., Zhu, H. (eds) Cyberpatterns. Springer, Cham. https://doi.org/10.1007/978-3-319-04447-7_10

  • DOI: https://doi.org/10.1007/978-3-319-04447-7_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04446-0

  • Online ISBN: 978-3-319-04447-7

  • eBook Packages: Computer Science (R0)
