Issue No. 08 - August (2008 vol. 20)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TKDE.2008.74
Segev Wasserkrug, IBM Haifa Research Lab Technion - Israel Institute of Technology, Haifa
Avigdor Gal, IBM Haifa Research Lab Technion - Israel Institute of Technology, Haifa
Opher Etzion, IBM, Haifa
In many security-related contexts, a quick recognition of security hazards is required. Such recognition is challenging, since available information sources are often insufficient to infer the occurrence of hazards with certainty. This requires that the recognition of security hazards be carried out using inference based on patterns of occurrences distributed over space and time. The two main existing approaches to the inference of security hazards are a) custom-coded solutions, which are tailored to specific patterns and cannot respond quickly to changes in the patterns of occurrences used for inference, and b) approaches based on direct statistical inferencing techniques, such as regression, which do not enable combining various kinds of evidence regarding the same hazard. In this work, we introduce a more generic formal framework that overcomes the aforementioned deficiencies, together with a case study illustrating the detection of DoS attacks.
Uncertainty, Fuzzy and probabilistic reasoning, Decision support, Network-level security and protection
A. Gal, O. Etzion and S. Wasserkrug, "Inference of Security Hazards from Event Composition Based on Incomplete or Uncertain Information," in IEEE Transactions on Knowledge & Data Engineering, vol. 20, no. , pp. 1111-1114, 2008.