New goal recognition algorithms using attack graphs

Reuth Mirsky; Ya’ar Shalom; Ahmad Majadly; Kobi Gal; Rami Puzis; Ariel Felner

doi:10.1007/978-3-030-20951-3_23

New goal recognition algorithms using attack graphs

Reuth Mirsky, Ya’ar Shalom, Ahmad Majadly, Kobi Gal, Rami Puzis, Ariel Felner

Ben-Gurion University of the Negev

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

Goal recognition is the task of inferring the goal of an actor given its observed actions. Attack graphs are a common representation of assets, vulnerabilities, and exploits used for analysis of potential intrusions in computer networks. This paper introduces new goal recognition algorithms on attack graphs. The main challenges involving goal recognition in cyber security include dealing with noisy and partial observations as well as the need for fast, near-real-time performance. To this end we propose improvements to existing planning-based algorithms for goal recognition, reducing their time complexity and allowing them to handle noisy observations. We also introduce two new metric-based algorithms for goal recognition. Experimental results show that the metric based algorithms improve performance when compared to the planning based algorithms, in terms of accuracy and runtime, thus enabling goal recognition to be carried out in near-real-time. These algorithms can potentially improve both risk management and alert correlation mechanisms for intrusion detection.

Original language	English
Title of host publication	Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings
Editors	Shlomi Dolev, Danny Hendler, Sachin Lodha, Moti Yung
Publisher	Springer Verlag
Pages	260-278
Number of pages	19
ISBN (Print)	9783030209506
DOIs	https://doi.org/10.1007/978-3-030-20951-3_23
State	Published - 2019
Externally published	Yes
Event	3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019 - Beer Sheva, Israel Duration: 27 Jun 2019 → 28 Jun 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11527 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019
Country/Territory	Israel
City	Beer Sheva
Period	27/06/19 → 28/06/19

Bibliographical note

Publisher Copyright:
© Springer Nature Switzerland AG 2019.

Access to Document

10.1007/978-3-030-20951-3_23

Cite this

Mirsky, R., Shalom, Y., Majadly, A., Gal, K., Puzis, R., & Felner, A. (2019). New goal recognition algorithms using attack graphs. In S. Dolev, D. Hendler, S. Lodha, & M. Yung (Eds.), Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings (pp. 260-278). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11527 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-20951-3_23

Mirsky, Reuth ; Shalom, Ya’ar ; Majadly, Ahmad et al. / New goal recognition algorithms using attack graphs. Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings. editor / Shlomi Dolev ; Danny Hendler ; Sachin Lodha ; Moti Yung. Springer Verlag, 2019. pp. 260-278 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{44c5b12215f640b8a806fcb1d87d831e,

title = "New goal recognition algorithms using attack graphs",

abstract = "Goal recognition is the task of inferring the goal of an actor given its observed actions. Attack graphs are a common representation of assets, vulnerabilities, and exploits used for analysis of potential intrusions in computer networks. This paper introduces new goal recognition algorithms on attack graphs. The main challenges involving goal recognition in cyber security include dealing with noisy and partial observations as well as the need for fast, near-real-time performance. To this end we propose improvements to existing planning-based algorithms for goal recognition, reducing their time complexity and allowing them to handle noisy observations. We also introduce two new metric-based algorithms for goal recognition. Experimental results show that the metric based algorithms improve performance when compared to the planning based algorithms, in terms of accuracy and runtime, thus enabling goal recognition to be carried out in near-real-time. These algorithms can potentially improve both risk management and alert correlation mechanisms for intrusion detection.",

author = "Reuth Mirsky and Ya{\textquoteright}ar Shalom and Ahmad Majadly and Kobi Gal and Rami Puzis and Ariel Felner",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.; 3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019 ; Conference date: 27-06-2019 Through 28-06-2019",

year = "2019",

doi = "10.1007/978-3-030-20951-3\_23",

language = "אנגלית",

isbn = "9783030209506",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "260--278",

editor = "Shlomi Dolev and Danny Hendler and Sachin Lodha and Moti Yung",

booktitle = "Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings",

address = "גרמניה",

}

Mirsky, R, Shalom, Y, Majadly, A, Gal, K, Puzis, R & Felner, A 2019, New goal recognition algorithms using attack graphs. in S Dolev, D Hendler, S Lodha & M Yung (eds), Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11527 LNCS, Springer Verlag, pp. 260-278, 3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019, Beer Sheva, Israel, 27/06/19. https://doi.org/10.1007/978-3-030-20951-3_23

New goal recognition algorithms using attack graphs. / Mirsky, Reuth; Shalom, Ya’ar; Majadly, Ahmad et al.
Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings. ed. / Shlomi Dolev; Danny Hendler; Sachin Lodha; Moti Yung. Springer Verlag, 2019. p. 260-278 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11527 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - New goal recognition algorithms using attack graphs

AU - Mirsky, Reuth

AU - Shalom, Ya’ar

AU - Majadly, Ahmad

AU - Gal, Kobi

AU - Puzis, Rami

AU - Felner, Ariel

N1 - Publisher Copyright: © Springer Nature Switzerland AG 2019.

PY - 2019

Y1 - 2019

N2 - Goal recognition is the task of inferring the goal of an actor given its observed actions. Attack graphs are a common representation of assets, vulnerabilities, and exploits used for analysis of potential intrusions in computer networks. This paper introduces new goal recognition algorithms on attack graphs. The main challenges involving goal recognition in cyber security include dealing with noisy and partial observations as well as the need for fast, near-real-time performance. To this end we propose improvements to existing planning-based algorithms for goal recognition, reducing their time complexity and allowing them to handle noisy observations. We also introduce two new metric-based algorithms for goal recognition. Experimental results show that the metric based algorithms improve performance when compared to the planning based algorithms, in terms of accuracy and runtime, thus enabling goal recognition to be carried out in near-real-time. These algorithms can potentially improve both risk management and alert correlation mechanisms for intrusion detection.

AB - Goal recognition is the task of inferring the goal of an actor given its observed actions. Attack graphs are a common representation of assets, vulnerabilities, and exploits used for analysis of potential intrusions in computer networks. This paper introduces new goal recognition algorithms on attack graphs. The main challenges involving goal recognition in cyber security include dealing with noisy and partial observations as well as the need for fast, near-real-time performance. To this end we propose improvements to existing planning-based algorithms for goal recognition, reducing their time complexity and allowing them to handle noisy observations. We also introduce two new metric-based algorithms for goal recognition. Experimental results show that the metric based algorithms improve performance when compared to the planning based algorithms, in terms of accuracy and runtime, thus enabling goal recognition to be carried out in near-real-time. These algorithms can potentially improve both risk management and alert correlation mechanisms for intrusion detection.

UR - https://www.scopus.com/pages/publications/85068209424

U2 - 10.1007/978-3-030-20951-3_23

DO - 10.1007/978-3-030-20951-3_23

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85068209424

SN - 9783030209506

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 260

EP - 278

BT - Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings

A2 - Dolev, Shlomi

A2 - Hendler, Danny

A2 - Lodha, Sachin

A2 - Yung, Moti

PB - Springer Verlag

T2 - 3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019

Y2 - 27 June 2019 through 28 June 2019

ER -

Mirsky R, Shalom Y, Majadly A, Gal K, Puzis R, Felner A. New goal recognition algorithms using attack graphs. In Dolev S, Hendler D, Lodha S, Yung M, editors, Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings. Springer Verlag. 2019. p. 260-278. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-20951-3_23

New goal recognition algorithms using attack graphs

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this