Much research has been put forth towards the detection, correlation, and prediction of cyber attacks in recent years. As this body of research progresses, there is an increasing need for contextual information about a computer network to provide an accurate situational assessment. Typical approaches adopt contextual information as needed; yet such ad hoc effort may lead to unnecessary or even conflicting features. The concept of virtual terrain is, therefore, developed and investigated in this work. Virtual terrain is a common representation of crucial information about network vulnerabilities, accessibilities, and criticalities. A virtual terrain model encompasses operating systems, firewall rules, running services, missions, user accounts, and network connectivity. It is defined as connected graphs whose arc attributes define dynamic relationships among vertices that model network entities, such as services, users, and machines. The virtual terrain representation is designed to allow feasible development and maintenance of the model, as well as efficacy in the use of the model. This paper describes the considerations in developing the virtual terrain schema, exemplary virtual terrain models, and algorithms utilizing the virtual terrain model for situation and threat assessment.
KEYWORDS: Network security, Taxonomy, High dynamic range imaging, Information security, Computer engineering, Defense and security, Information fusion, Computer intrusion detection, Computer security, Target detection
Overwhelming intrusion alerts have made timely response to network security breaches a difficult task. Correlating alerts to produce a higher-level view of the intrusion state of a network thus becomes an essential element in network defense. This work proposes to analyze correlated or grouped alerts and determine their 'impact' on the services and users of the network. A network is modeled as 'virtual terrain' over which cyber attacks maneuver. Overlaying correlated attack tracks on the virtual terrain exhibits the vulnerabilities exploited by each track and the relationships between them and different network entities. The proposed impact assessment algorithm utilizes the graph-based virtual terrain model and combines assessments of the damage caused by the attacks. The combined impact scores allow severely damaged network services and affected users to be identified. Several scenarios are examined to demonstrate the uses of the proposed Virtual Terrain Assisted Impact Assessment for Cyber Attacks (VTAC).