Cyberattack Detection & Mitigation: A Goal-Oriented and Pattern-Based Approach

Date

2017-05

ORCID

Journal Title

Journal ISSN

Volume Title

Publisher

item.page.doi

Abstract

Concerns for computer-related security seem real and are increasingly becoming important just about everywhere. In particular, cyberattack — not necessarily attack through a physical means — has been drawing serious attention from the media, government, academia, etc. However, detecting some suspicious behavior of computer-related systems as a phenomenon of a cyberattack has been challenging. Detection helps but should be followed by some actions towards rectifying any undesirable behavior. A complete set of actions that can absolutely eliminate all the undesirable behaviors seems extremely difficult, if not impossible. In this thesis, we propose a goal-oriented and pattern-based approach to detecting and mitigating cyber attacks. Using a pattern-based approach, knowledge and experience about similar cyber attacks are categorized into different classes of patterns, which essentially consist of a set of conditions for determining if a suspicious incident belongs to a particular cyber attack pattern class and a set of actions for mitigating the cyber attack incident. Using a goal-oriented approach, together with case-based reasoning, options are explored for detecting and mitigating cyber attacks, tradeoffs among the options analyzed, and selection are made. In this thesis, one application is studied for illustrating, as well as for demonstrating the potential benefits of, our approach. The application has to do with cyber attacks from North Korea to South Korea. We feel our studies show the potential benefits for our approach — for more precisely characterizing a cyber attack (more finer-grained) and taking more surgical mitigating actions.

Description

Keywords

Cyberterrorism, Computer security, Computer networks—Security measures, Computer networks—Monitoring

item.page.sponsorship

Rights

Copyright ©2017 is held by the author. Digital access to this material is made possible by the Eugene McDermott Library. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.

Citation