Analysis and Visualization of Large Complex Multi-Step Cyber Attack Graphs

Award Information
Agency: Department of Defense
Branch: Army
Contract: W911NF-06-C-0146
Agency Tracking Number: A064-018-0244
Amount: $100,000.00
Phase: Phase I
Program: STTR
Solicitation Topic Code: A06-T018
Solicitation Number: N/A
Timeline
Solicitation Year: 2006
Award Year: 2006
Award Start Date (Proposal Award Date): 2006-08-09
Award End Date (Contract End Date): 2007-02-05
Small Business Information
15400 Calhoun Drive
Rockville, MD 20855
United States
DUNS: 161911532
HUBZone Owned: No
Woman Owned: Yes
Socially and Economically Disadvantaged: No
Principal Investigator
 Leonard Haynes
 (301) 294-5250
 lhaynes@i-a-i.com
Business Contact
 Mark James
Title: Contracts and Proposals Manager
Phone: (301) 294-5221
Email: mjames@i-a-i.com
Research Institution
 PENNSTATE
 Peng Liu
 
313G IST Building
University Park, PA 16801
United States

 (814) 863-0641
 Nonprofit College or University
Abstract

We propose a comprehensive and innovative approach for analysis and visualization of large, complex, multi-step cyber attack graphs. First, we select the radial space-filling hierarchy visualization module for large, complex, multi-step cyber attack graphs due to its strengths in space efficiency and ease of interpretation. Once an attack is correlated, the attack notification service retrieves the correlated alerts that comprise the attack scenario and uses them to instantiate an attack node, binding formal parameters to arguments along the way. Second, we build our plan recognition system after a low-level alert correlation step that includes alert aggregation and alert correlation. Third, we do not require a complete ordered alert sequence for inference. We have the capability of handling partial order and unobserved activity evidence sets. Fourth, we provide advanced approaches to predict potential attacks based on observed intrusion evidence. Bayesian Network based prediction can incorporate prior knowledge of attack transition patterns and handle uncertainty in the correlation process. Moreover, we apply dynamic games for graph-based attack prediction and response, since the integration of attack graphs and alert correlation graphs provides “perfect” knowledge about the attacker’s strategy space, which is necessary to compute (Nash) equilibriums out of any mathematical game.

* Information listed above is at the time of submission. *