Recognizing attack intention is crucial for security analysis. In recent years, a number of methods for attack intention recognition have been proposed. However, most of these techniques mainly focus on the alerts of ...Recognizing attack intention is crucial for security analysis. In recent years, a number of methods for attack intention recognition have been proposed. However, most of these techniques mainly focus on the alerts of an intrusion detection system and use algorithms of low efficiency that mine frequent attack patterns without reconstructing attack paths. In this paper, a novel and effective method is proposed, which integrates several techniques to identify attack intentions. Using this method, a Bayesian-based attack scenario is constructed, where frequent attack patterns are identified using an efficient data-mining algorithm based on frequent patterns. Subsequently, attack paths are rebuilt by recorrelating frequent attack patterns mined in the scenario. The experimental results demonstrate the capability of our method in rebuilding attack paths, recognizing attack intentions as well as in saving system resources. Specifically, to the best of our knowledge, the proposed method is the first to correlate complementary intrusion evidence with frequent pattern mining techniques based on the FP-Growth algorithm to rebuild attack paths and to recognize attack intentions.展开更多
We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study th...We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study the robustness of complex networks under random information and preferential information, respectively. Using the generating function method, we derive the exact value of the critical removal fraction of nodes for the disintegration of networks and the size of the giant component. We show that hiding just a small fraction of nodes randomly can prevent a scale-free network from collapsing and detecting just a small fraction of nodes preferentially can destroy a scale-free network.展开更多
Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems(ICS).These systems are becoming more connected to the internet,either directly or through the co...Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems(ICS).These systems are becoming more connected to the internet,either directly or through the corporate networks.This makes them vulnerable to cyber-attacks.Abnormal behaviour in floodgates operated by ICS could be caused by both(intentional)attacks and(accidental)technical failures.When operators notice abnormal behaviour,they should be able to distinguish between those two causes to take appropriate measures,because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector.In the previous work,we developed the attack-failure distinguisher framework for constructing Bayesian Network(BN)models to enable operators to distinguish between those two causes,including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models.As a full case study of the attack-failure distinguisher framework,this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates,addressing the problem of floodgate operators.We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model.The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements.This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.展开更多
The world airport network(WAN) is one of the networked infrastructures that shape today's economic and social activity, so its resilience against incidents affecting the WAN is an important problem. In this paper, ...The world airport network(WAN) is one of the networked infrastructures that shape today's economic and social activity, so its resilience against incidents affecting the WAN is an important problem. In this paper, the robustness of air route networks is extended by defining and testing several heuristics to define selection criteria to detect the critical nodes of the WAN.In addition to heuristics based on genetic algorithms and simulated annealing, custom heuristics based on node damage and node betweenness are defined. The most effective heuristic is a multiattack heuristic combining both custom heuristics. Results obtained are of importance not only for advance in the understanding of the structure of complex networks, but also for critical node detection.展开更多
文摘Recognizing attack intention is crucial for security analysis. In recent years, a number of methods for attack intention recognition have been proposed. However, most of these techniques mainly focus on the alerts of an intrusion detection system and use algorithms of low efficiency that mine frequent attack patterns without reconstructing attack paths. In this paper, a novel and effective method is proposed, which integrates several techniques to identify attack intentions. Using this method, a Bayesian-based attack scenario is constructed, where frequent attack patterns are identified using an efficient data-mining algorithm based on frequent patterns. Subsequently, attack paths are rebuilt by recorrelating frequent attack patterns mined in the scenario. The experimental results demonstrate the capability of our method in rebuilding attack paths, recognizing attack intentions as well as in saving system resources. Specifically, to the best of our knowledge, the proposed method is the first to correlate complementary intrusion evidence with frequent pattern mining techniques based on the FP-Growth algorithm to rebuild attack paths and to recognize attack intentions.
基金Supported by the National Natural Science Foundation of China under Grant No 70501032.
文摘We introduce a novel model for robustness of complex with a tunable attack information parameter. The random failure and intentional attack known are the two extreme cases of our model. Based on the model, we study the robustness of complex networks under random information and preferential information, respectively. Using the generating function method, we derive the exact value of the critical removal fraction of nodes for the disintegration of networks and the size of the giant component. We show that hiding just a small fraction of nodes randomly can prevent a scale-free network from collapsing and detecting just a small fraction of nodes preferentially can destroy a scale-free network.
基金the Netherlands Organization for Scientific Research(NWO)in the framwork of the Cyber Security research program under the project“Secure Our Safety:Building Cyber Security for Flood Management(SOS4Flood)”.
文摘Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems(ICS).These systems are becoming more connected to the internet,either directly or through the corporate networks.This makes them vulnerable to cyber-attacks.Abnormal behaviour in floodgates operated by ICS could be caused by both(intentional)attacks and(accidental)technical failures.When operators notice abnormal behaviour,they should be able to distinguish between those two causes to take appropriate measures,because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector.In the previous work,we developed the attack-failure distinguisher framework for constructing Bayesian Network(BN)models to enable operators to distinguish between those two causes,including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models.As a full case study of the attack-failure distinguisher framework,this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates,addressing the problem of floodgate operators.We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model.The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements.This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.
文摘The world airport network(WAN) is one of the networked infrastructures that shape today's economic and social activity, so its resilience against incidents affecting the WAN is an important problem. In this paper, the robustness of air route networks is extended by defining and testing several heuristics to define selection criteria to detect the critical nodes of the WAN.In addition to heuristics based on genetic algorithms and simulated annealing, custom heuristics based on node damage and node betweenness are defined. The most effective heuristic is a multiattack heuristic combining both custom heuristics. Results obtained are of importance not only for advance in the understanding of the structure of complex networks, but also for critical node detection.