Automatically Tracing Information Flow of Vulnerability and Cyber-Attack Information through Text Strings / 13th ICCRTS: C2 for Complex Endeavors
Rowe, Neil C.
Quick dissemination of information about new vulnerabilities and attacks is essential to time-critical handling of threats in information security, but little systematic tracking has been done of it. We are developing data mining techniques to track the flow of such information by comparing important information-security Web sites, alert messages, and strings in packets to find similar words and sentences. We report on tools we have developed to collect relevant sentences, with a particular focus on comparing sentences from different sources to find patterns of quotation and influence. We report results on some representative pages that indicate some surprising information flows, for which the combination of both word matching and structure matching performed significantly better than either alone. We also report on preliminary work on the front lines of cyber-attack, trying to correlate text in intrusion-detection reports and even attack packets observed on a honeypot with reports of known attacks. These methods could help us automatically locate relevant fixes quickly when being attacked. Our tools will in general enable better design of incident response and incident reporting requirements for organizations, by showing bottlenecks and unused capabilities in the management of vulnerabilities and attacks.
13th International Command and Control Research and Technology Symposium (ICCRTS), June 17-19, 2008, Seattle, WA.
International Command and Control Research and Technology Symposium, Bellevue, Washington, June 2008