Abstract
In numerous security scenarios, given a sequence of logged activities, it is necessary to look for all subsequences that represent an intrusion, which can be understood as any “improper” use of a system, an attempt to damage parts of it, to gather protected information, to follow “paths” that do not comply with security rules, etc. In this paper we propose a hypergraph-based attack model for intrusion detection. The model allows the specification of various kinds of constraints on possible attacks and provides a high degree of flexibility in representing many different security scenarios. Besides discussing the main features of the model, we study the problems of checking the consistency of attack models and detecting attack instances in sequences of logged activities.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Guzzo, A., Pugliese, A., Rullo, A., Saccà, D. (2014). Intrusion Detection with Hypergraph-Based Attack Models. In: Croitoru, M., Rudolph, S., Woltran, S., Gonzales, C. (eds) Graph Structures for Knowledge Representation and Reasoning. Lecture Notes in Computer Science, vol 8323. Springer, Cham. https://doi.org/10.1007/978-3-319-04534-4_5
DOI: https://doi.org/10.1007/978-3-319-04534-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04533-7
Online ISBN: 978-3-319-04534-4
eBook Packages: Computer Science (R0)