A Stochastic Model for Intrusions

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2516)

Abstract

We describe a computer network attack model with two novel features: it uses a very flexible action representation, the situation calculus, and it uses goal-directed procedure invocation to simulate intelligent, reactive attackers. Using the situation calculus, our simulator can project the results of actions with complex preconditions and context-dependent effects. We have extended the Golog situation calculus programming language with goal-directed procedure invocation. With goal-directed invocation one can express attacker plans like “first attain root privilege on a host trusted by the target, and then exploit the trust relationship to escalate privilege on the target.” Our simulated attackers choose among methods that can achieve goals, and react to failures appropriately, by persistence, choosing alternate means of goal achievement, and/or abandoning goals. We have designed a stochastic attack simulator and built enough of its components to simulate goal-directed attacks on a network.


© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Goldman, R.P. (2002). A Stochastic Model for Intrusions. In: Wespi, A., Vigna, G., Deri, L. (eds) Recent Advances in Intrusion Detection. RAID 2002. Lecture Notes in Computer Science, vol 2516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36084-0_11

  • DOI: https://doi.org/10.1007/3-540-36084-0_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00020-4

  • Online ISBN: 978-3-540-36084-1

  • eBook Packages: Springer Book Archive
