Issue No.08 - August (2008 vol.20)
pp: 1111-1114
Segev Wasserkrug, IBM Haifa Research Lab Technion - Israel Institute of Technology, Haifa
Avigdor Gal, IBM Haifa Research Lab Technion - Israel Institute of Technology, Haifa
Opher Etzion, IBM, Haifa
ABSTRACT
In many security-related contexts, a quick recognition of security hazards is required. Such recognition is challenging, since available information sources are often insufficient to infer the occurrence of hazards with certainty. This requires that the recognition of security hazards is carried out using inference based on patterns of occurrences distributed over space and time. The two main existing approaches to the inference of security hazards are a) custom-coded solutions, which are tailored to specific patterns, and cannot respond quickly to changes in the patterns of occurrences used for inference, and b) approaches based on direct statistical inferencing techniques, such as regression, which do not enable combining various kinds of evidence regarding the same hazard. In this work, we introduce a more generic formal framework which overcomes the aforementioned deficiencies, together with a case study illustrating the detection of DoS attacks.
INDEX TERMS
Uncertainty, Fuzzy and probabilistic reasoning, Decision support, Network-level security and protection
CITATION
Segev Wasserkrug, Avigdor Gal, Opher Etzion, "Inference of Security Hazards from Event Composition Based on Incomplete or Uncertain Information", IEEE Transactions on Knowledge & Data Engineering, vol.20, no. 8, pp. 1111-1114, August 2008, doi:10.1109/TKDE.2008.74