Inference of security hazards from event composition based on incomplete or uncertain information

Abstract

A quick recognition of security hazards is challenging. Information sources are often insufficient to infer the occurrence of hazards with certainty, requiring recognition to be based on patterns of occurrences distributed over space and time. We introduce a generic framework that supports a quick response to changes in patterns of occurrences, using multiple inferencing techniques. We demonstrate, with a case study of detecting DoS attacks, that our approach is more flexible and accessible than custom-coded solutions, supporting multiple statistical Inferencing techniques when such results are available. © 2008 IEEE.