Cyberattack Detection & Mitigation: A Goal-Oriented and Pattern-Based Approach
Abstract
Concerns about computer-related security seem real and are becoming increasingly important almost everywhere. In particular, cyberattacks (not necessarily attacks through physical means) have been drawing serious attention from the media, government, academia, and others. However, detecting suspicious behavior of computer-related systems as the symptom of a cyberattack has been challenging. Detection helps, but it should be followed by actions that rectify the undesirable behavior. A complete set of actions that can eliminate all undesirable behaviors seems extremely difficult, if not impossible, to achieve. In this thesis, we propose a goal-oriented and pattern-based approach to detecting and mitigating cyberattacks. Using a pattern-based approach, knowledge and experience about similar cyberattacks are categorized into classes of patterns; each pattern class essentially consists of a set of conditions for determining whether a suspicious incident belongs to that class and a set of actions for mitigating the incident. Using a goal-oriented approach, together with case-based reasoning, options for detecting and mitigating cyberattacks are explored, tradeoffs among the options are analyzed, and selections are made. In this thesis, one application is studied to illustrate our approach and to demonstrate its potential benefits. The application concerns cyberattacks from North Korea against South Korea. We feel our studies show the potential benefits of our approach: characterizing a cyberattack more precisely (at a finer grain) and taking more surgical mitigating actions.