Multi-level Fusion to Improve Threat Pattern Recognition in Cyber Defense
Authors
Alijabar Rashidi
- Department of Computer Engineering, Malek-e-Ashtar University of Technology, Tehran, Iran.
Kourosh Dadashtabar Ahmadi
- Department of Computer Engineering, Malek-e-Ashtar University of Technology, Tehran, Iran.
Ali Jafari
- Department of Computer Engineering, Malek-e-Ashtar University of Technology, Tehran, Iran.
Abstract
Given the fast growth of the internet and related network infrastructures, it is important to detect intrusions and respond to them in a timely manner. Network intrusion can make vital information systems and communication networks inaccessible and imposes high costs on communication infrastructures. To achieve a high degree of success in providing services, current and future generations of networking and internet technologies require a set of tools to analyze the network and to detect threats and intrusions in it. Cyberspace detection and identification systems suffer from two main weaknesses, a high rate of false alarms and low detection accuracy. Decision-level fusion theory provides a new method for analyzing data from multiple nodes in order to increase the possibility of intrusion detection by improving pattern recognition. This paper aims to present a novel method of decision-level fusion based on complex event processing and to show how this method would be successful in exposing cyber threats for timely response.
Share and Cite
ISRP Style
Alijabar Rashidi, Kourosh Dadashtabar Ahmadi, Ali Jafari, Multi-level Fusion to Improve Threat Pattern Recognition in Cyber Defense, Journal of Mathematics and Computer Science, 8 (2014), no. 4, 398 - 410
AMA Style
Rashidi Alijabar, Ahmadi Kourosh Dadashtabar, Jafari Ali, Multi-level Fusion to Improve Threat Pattern Recognition in Cyber Defense. J Math Comput SCI-JM. (2014); 8(4):398 - 410
Chicago/Turabian Style
Rashidi, Alijabar, Ahmadi, Kourosh Dadashtabar, Jafari, Ali. "Multi-level Fusion to Improve Threat Pattern Recognition in Cyber Defense." Journal of Mathematics and Computer Science, 8, no. 4 (2014): 398 - 410
Keywords
- Information fusion
- complex event processing
- cyber defense
- pattern recognition