A Process Control and Diagnosis Approach to Indications and Warning of Attacks on Computer Networks

Abstract

Cyber attacks are launched as a series of computer actions designed to compromise the security (e.g., availability, integrity, and confidentiality) of a computer and network system. In this report, we first illustrate a process control approach to system modeling for information assurance. A model-based design of attack detection techniques is then presented to demonstrate how a process model of a networked computer system can be applied to cyber attack detection. Then using audit data capturing activities on computer and network systems, we develop and present learning and inference algorithms of probabilistic networks with undirected links. This technique is used to represent the symmetric relations of audit event types during normal activities, to build a long-term profile of normal activities, and to perform anomaly detection. The resultant probabilistic network is then trained with audit data from both normal activities and computer attack activities. The test results demonstrate very promising performance in detecting cyber attacks.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2001
Accession Number: ADA397978

Entities

People

  • Nong Ye

Organizations

  • Arizona State University

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Algorithms
  • Anomaly Detection
  • Bayesian Networks
  • Change Detection
  • Computer Programs
  • Computers
  • Control Systems
  • Cyberattacks
  • Data Mining
  • Data Science
  • Detection
  • Information Assurance
  • Information Science
  • Information Systems
  • Operating Systems
  • Probability

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Cybersecurity
  • Neural Network Machine Learning

Technology Areas

  • AI & ML
  • Cyber