ACML: Capability Based Attack Modeling Language

I
IAS
2008
2008 The Fourth International Conference on Information Assurance and Security
Abstract - ACML: Capability Based Attack Modeling Language

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Navneet Kumar Pandey Articles by S.K. Gupta Articles by Shaveta Leekha Articles by Jingmin Zhou

2008 The Fourth International Conference on Information Assurance and Security

September 08-September 10

ISBN: 978-0-7695-3324-7

	ASCII Text	x
	Navneet Kumar Pandey, S.K. Gupta, Shaveta Leekha, Jingmin Zhou, "ACML: Capability Based Attack Modeling Language," Information Assurance and Security, International Symposium on, pp. 147-154, 2008 The Fourth International Conference on Information Assurance and Security, 2008.

	BibTex	x
	@article{ 10.1109/IAS.2008.26, author = {Navneet Kumar Pandey and S.K. Gupta and Shaveta Leekha and Jingmin Zhou}, title = {ACML: Capability Based Attack Modeling Language}, journal ={Information Assurance and Security, International Symposium on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3324-7}, pages = {147-154}, doi = {http://doi.ieeecomputersociety.org/10.1109/IAS.2008.26}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Information Assurance and Security, International Symposium on TI - ACML: Capability Based Attack Modeling Language SN - 978-0-7695-3324-7 SP147 EP154 A1 - Navneet Kumar Pandey, A1 - S.K. Gupta, A1 - Shaveta Leekha, A1 - Jingmin Zhou, PY - 2008 KW - Intrusion detection KW - Capability model KW - Attack scenario KW - Attack language KW - ACML VL - 0 JA - Information Assurance and Security, International Symposium on ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IAS.2008.26

In this paper, we propose Attack capability modelling language (ACML) used for capability model proposed by Zhau et. al. is a specification and description language that has been utilized to express the capability gained by attacker at each step in the intrusion process. These capabilities have been defined using the IDS alerts.??Moreover the language also provides for the specification of compete attack scenarios in terms of capabilities of the intruder. This, in turn, helps to determine the state of the system, in terms of the extent of infiltration. ACML helps to avoid ambiguity in capability specifications while sharing among developers. We also propose Attack capability modelling framework (ACMF) which forms the basis of a capability model-based semi-automated alert correlation process, which has been used to detect and identify the attack scenarios from IDS alerts. The framework consists of the tools for the implementation of the algebraic structure of capability, as defined in Pandey et al., which are needed for the correlation algorithm.??Additionally, the language also has features for customizing the definitions of these structures as well as for customizing the correlation algorithm. To verify the expressiveness of the language and its suitability in describing attack capability model, experimental result of standard benchmark has been discussed.

Index Terms:

Intrusion detection, Capability model, Attack scenario, Attack language, ACML

Citation:

Navneet Kumar Pandey, S.K. Gupta, Shaveta Leekha, Jingmin Zhou, "ACML: Capability Based Attack Modeling Language," ias, pp.147-154, 2008 The Fourth International Conference on Information Assurance and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.