
dc.contributor.author: Rowe, Neil C.
dc.contributor.author: Sjoberg, Eric
dc.contributor.author: Adams, Paige
dc.date: June 2008
dc.date.accessioned: 2013-09-09T18:29:42Z
dc.date.available: 2013-09-09T18:29:42Z
dc.date.issued: 2008-06
dc.identifier.citation: International Command and Control Research and Technology Symposium, Bellevue, Washington, June 2008
dc.identifier.uri: http://hdl.handle.net/10945/36011
dc.description: 13th International Command and Control Research and Technology Symposium (ICCRTS), June 17-19, 2008, Seattle, WA. [en_US]
dc.description: International Command and Control Research and Technology Symposium, Bellevue, Washington, June 2008 [en_US]
dc.description.abstract: Quick dissemination of information about new vulnerabilities and attacks is essential to time-critical handling of threats in information security, but little systematic tracking has been done of it. We are developing data mining techniques to track the flow of such information by comparing important information-security Web sites, alert messages, and strings in packets to find similar words and sentences. We report on tools we have developed to collect relevant sentences, with a particular focus on comparing sentences from different sources to find patterns of quotation and influence. We report results on some representative pages that indicate some surprising information flows, for which the combination of both word matching and structure matching performed significantly better than either alone. We also report on preliminary work on the front lines of cyber-attack, trying to correlate text in intrusion-detection reports and even attack packets observed on a honeypot with reports of known attacks. These methods could help us automatically locate relevant fixes quickly when being attacked. Our tools will in general enable better design of incident response and incident reporting requirements for organizations, by showing bottlenecks and unused capabilities in the management of vulnerabilities and attacks. [en_US]
dc.title: Automatically Tracing Information Flow of Vulnerability and Cyber-Attack Information through Text Strings / 13th ICCRTS: C2 for Complex Endeavors [en_US]
dc.type: Conference Paper [en_US]
dc.subject.author: Vulnerabilities [en_US]
dc.subject.author: alerts [en_US]
dc.subject.author: dissemination [en_US]
dc.subject.author: World Wide Web [en_US]
dc.subject.author: data mining [en_US]
dc.subject.author: natural-language processing [en_US]
dc.subject.author: cross-document referencing [en_US]
dc.subject.author: packets [en_US]
dc.subject.author: intrusion-detection systems [en_US]

