Implementing Consistency Checking in Correlating Attacks

Sarda, Kaushal; Wijesekera, Duminda; Jajodia, Sushil

doi:10.1007/978-3-540-30555-2_44

Kaushal Sarda¹⁸,
Duminda Wijesekera¹⁹ &
Sushil Jajodia¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3347))

Included in the following conference series:

International Conference on Distributed Computing and Internet Technology

658 Accesses
1 Citations

Abstract

Static analysis of attack sequences (a.k.a. topological vulnerability analysis -TVA) studies sequences of attacks that can eventually lead to exploitable vulnerabilities in a network. In models where the attacks are specified in terms of their preconditions and post conditions, the sequences that can be launched are those in which the post condition of the antecedent attack implies the precondition of the precedent attack. We show a method of doing so, and show the drawbacks in omitting these checks in the CRIM [5]) model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Computer Oracle and Password System (COPS) information and software on the web at, ftp.cert.org/pub/tools/cops
Internet Security Systems, System Scanner information at, http://www.iss.net
Network Associates, CyberCop Scanner information at, http://www.nai.com/asp_set/products/tns/ccscanner_intro.asp
Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings 2000 IEEE Computer Society Symposium on Security and Privacy, Oakland, CA, May 2000, pp. 156–165 (2000)
Google Scholar
Cuppens, F., Miège, A.: Alert correlation in a cooperative intrusion detection framework. In: IEEE Symposium on Research in Security and Privacy, Oakland, Mai (2002)
Google Scholar
http://www.swi-prolog.org
Ning, P., Cui, Y., Reeves, D.S.: Analyzing intensive intrusion alerts via correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 74–94. Springer, Heidelberg (2002)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Capgemini, Pirojshanagar, Vikhroli, Mumbai, 400 079, India
Kaushal Sarda
The Center for Secure Information Systems, George Mason University, Fairfax, VA, 22030, USA
Duminda Wijesekera & Sushil Jajodia

Authors

Kaushal Sarda
View author publications
You can also search for this author in PubMed Google Scholar
Duminda Wijesekera
View author publications
You can also search for this author in PubMed Google Scholar
Sushil Jajodia
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science and Engineering, Indian Institute of Technology, Kanpur, India
R. K. Ghosh
Department of Computer and Information Science, University of Hyderabad, Central University PO, 500 046, AP, India
Hrushikesha Mohanty

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Sarda, K., Wijesekera, D., Jajodia, S. (2004). Implementing Consistency Checking in Correlating Attacks. In: Ghosh, R.K., Mohanty, H. (eds) Distributed Computing and Internet Technology. ICDCIT 2004. Lecture Notes in Computer Science, vol 3347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30555-2_44

Download citation

DOI: https://doi.org/10.1007/978-3-540-30555-2_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24075-4
Online ISBN: 978-3-540-30555-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics