Inference of Security Hazards from Event Composition Based on Incomplete or Uncertain Information
August 2008 (vol. 20 no. 8)
pp. 1111-1114
Segev Wasserkrug, IBM Haifa Research Lab / Technion - Israel Institute of Technology, Haifa
Avigdor Gal, IBM Haifa Research Lab / Technion - Israel Institute of Technology, Haifa
Opher Etzion, IBM, Haifa
In many security-related contexts, a quick recognition of security hazards is required. Such recognition is challenging, since the available information sources are often insufficient to infer the occurrence of a hazard with certainty. Recognition of security hazards must therefore be carried out by inference from patterns of occurrences distributed over space and time. The two main existing approaches to the inference of security hazards are a) custom-coded solutions, which are tailored to specific patterns and cannot respond quickly to changes in the patterns of occurrences used for inference, and b) approaches based on direct statistical inference techniques, such as regression, which do not allow various kinds of evidence regarding the same hazard to be combined. In this work, we introduce a more generic formal framework which overcomes the aforementioned deficiencies, together with a case study illustrating the detection of DoS attacks.


Index Terms:
Uncertainty, Fuzzy and probabilistic reasoning, Decision support, Network-level security and protection
Citation:
Segev Wasserkrug, Avigdor Gal, Opher Etzion, "Inference of Security Hazards from Event Composition Based on Incomplete or Uncertain Information," IEEE Transactions on Knowledge and Data Engineering, vol. 20, no. 8, pp. 1111-1114, Aug. 2008, doi:10.1109/TKDE.2008.74