Abstract
Recent attacks are better coordinated, difficult to discover, and inflict severe damage on networks. However, existing response systems handle only the case of a single ongoing attack. This limitation is due to the lack of an appropriate model that describes coordinated attacks. In this paper, we address this limitation by presenting a new formal description of individual, coordinated, and concurrent attacks. Afterwards, we combine Graph Theory and our attack description in order to model attack graphs that cover the three attack types. Finally, we show how to automatically generate these attack graphs using a logical approach based on Situation Calculus.
© 2013 Springer International Publishing Switzerland
Cite this paper
Samarji, L., Cuppens, F., Cuppens-Boulahia, N., Kanoun, W., Dubus, S. (2013). Situation Calculus and Graph Based Defensive Modeling of Simultaneous Attacks. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_11
DOI: https://doi.org/10.1007/978-3-319-03584-0_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03583-3
Online ISBN: 978-3-319-03584-0
eBook Packages: Computer Science, Computer Science (R0)