Janus: A two-sided analytical model for multi-stage coordinated attacks

Zonghua Zhang; Pin Han Ho; Xiaodong Lin; Hong Shen

doi:10.1007/11927587_13

Janus: A two-sided analytical model for multi-stage coordinated attacks

Zonghua Zhang, Pin Han Ho, Xiaodong Lin, Hong Shen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Citations (Scopus)

Abstract

The multi-stage coordinated attack (MSCA) bring many challenges to the security analysts due to their special temporal an spadal characteristics. This paper presents a two-sided model, Janus, to characterize and analyze the the behavior of attacker and defender in MSCA. Their behavior is firstly formulated as Multi-agent Partially Observable Markov Decision Process (MPO-MDP), an ANTS algorithm is then developed from the perspective of attacker to approximately search attack schemes with the minimum cost, and another backward searching algorithm APD-BS is designed from the defender's standpoint to seek the pivots of attack schemes in order to effectively countermine them by removing those key observations associated with the system state estimates. Two case studies are conducted to show the application of our models and algorithms to practical scenarios, some preliminary analysis are also given to validate their performance and advantages.

Original language	English
Title of host publication	Information Security and Cryptology - ICISC 2006
Subtitle of host publication	9th International Conference, Proceedings
Publisher	Springer Verlag
Pages	136-154
Number of pages	19
ISBN (Print)	3540491120, 9783540491125
DOIs	https://doi.org/10.1007/11927587_13
Publication status	Published - 2006
Externally published	Yes
Event	ICISC 2006: 9th International Conference on Information Security and Cryptology - Busan, Korea, Republic of Duration: 30 Nov 2006 → 1 Dec 2006

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4296 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	ICISC 2006: 9th International Conference on Information Security and Cryptology
Country/Territory	Korea, Republic of
City	Busan
Period	30/11/06 → 1/12/06

Access to Document

10.1007/11927587_13

Cite this

Zhang, Z., Ho, P. H., Lin, X., & Shen, H. (2006). Janus: A two-sided analytical model for multi-stage coordinated attacks. In Information Security and Cryptology - ICISC 2006: 9th International Conference, Proceedings (pp. 136-154). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4296 LNCS). Springer Verlag. https://doi.org/10.1007/11927587_13

Zhang, Zonghua ; Ho, Pin Han ; Lin, Xiaodong et al. / Janus : A two-sided analytical model for multi-stage coordinated attacks. Information Security and Cryptology - ICISC 2006: 9th International Conference, Proceedings. Springer Verlag, 2006. pp. 136-154 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e6987711d3bb45e5b06b2e2bb1585915,

title = "Janus: A two-sided analytical model for multi-stage coordinated attacks",

abstract = "The multi-stage coordinated attack (MSCA) bring many challenges to the security analysts due to their special temporal an spadal characteristics. This paper presents a two-sided model, Janus, to characterize and analyze the the behavior of attacker and defender in MSCA. Their behavior is firstly formulated as Multi-agent Partially Observable Markov Decision Process (MPO-MDP), an ANTS algorithm is then developed from the perspective of attacker to approximately search attack schemes with the minimum cost, and another backward searching algorithm APD-BS is designed from the defender's standpoint to seek the pivots of attack schemes in order to effectively countermine them by removing those key observations associated with the system state estimates. Two case studies are conducted to show the application of our models and algorithms to practical scenarios, some preliminary analysis are also given to validate their performance and advantages.",

author = "Zonghua Zhang and Ho, {Pin Han} and Xiaodong Lin and Hong Shen",

year = "2006",

doi = "10.1007/11927587_13",

language = "English",

isbn = "3540491120",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "136--154",

booktitle = "Information Security and Cryptology - ICISC 2006",

address = "Germany",

note = "ICISC 2006: 9th International Conference on Information Security and Cryptology ; Conference date: 30-11-2006 Through 01-12-2006",

}

Zhang, Z, Ho, PH, Lin, X & Shen, H 2006, Janus: A two-sided analytical model for multi-stage coordinated attacks. in Information Security and Cryptology - ICISC 2006: 9th International Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4296 LNCS, Springer Verlag, pp. 136-154, ICISC 2006: 9th International Conference on Information Security and Cryptology, Busan, Korea, Republic of, 30/11/06. https://doi.org/10.1007/11927587_13

Janus: A two-sided analytical model for multi-stage coordinated attacks. / Zhang, Zonghua; Ho, Pin Han; Lin, Xiaodong et al.
Information Security and Cryptology - ICISC 2006: 9th International Conference, Proceedings. Springer Verlag, 2006. p. 136-154 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4296 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Janus

T2 - ICISC 2006: 9th International Conference on Information Security and Cryptology

AU - Zhang, Zonghua

AU - Ho, Pin Han

AU - Lin, Xiaodong

AU - Shen, Hong

PY - 2006

Y1 - 2006

N2 - The multi-stage coordinated attack (MSCA) bring many challenges to the security analysts due to their special temporal an spadal characteristics. This paper presents a two-sided model, Janus, to characterize and analyze the the behavior of attacker and defender in MSCA. Their behavior is firstly formulated as Multi-agent Partially Observable Markov Decision Process (MPO-MDP), an ANTS algorithm is then developed from the perspective of attacker to approximately search attack schemes with the minimum cost, and another backward searching algorithm APD-BS is designed from the defender's standpoint to seek the pivots of attack schemes in order to effectively countermine them by removing those key observations associated with the system state estimates. Two case studies are conducted to show the application of our models and algorithms to practical scenarios, some preliminary analysis are also given to validate their performance and advantages.

AB - The multi-stage coordinated attack (MSCA) bring many challenges to the security analysts due to their special temporal an spadal characteristics. This paper presents a two-sided model, Janus, to characterize and analyze the the behavior of attacker and defender in MSCA. Their behavior is firstly formulated as Multi-agent Partially Observable Markov Decision Process (MPO-MDP), an ANTS algorithm is then developed from the perspective of attacker to approximately search attack schemes with the minimum cost, and another backward searching algorithm APD-BS is designed from the defender's standpoint to seek the pivots of attack schemes in order to effectively countermine them by removing those key observations associated with the system state estimates. Two case studies are conducted to show the application of our models and algorithms to practical scenarios, some preliminary analysis are also given to validate their performance and advantages.

UR - http://www.scopus.com/inward/record.url?scp=34547411569&partnerID=8YFLogxK

U2 - 10.1007/11927587_13

DO - 10.1007/11927587_13

M3 - Conference contribution

AN - SCOPUS:34547411569

SN - 3540491120

SN - 9783540491125

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 136

EP - 154

BT - Information Security and Cryptology - ICISC 2006

PB - Springer Verlag

Y2 - 30 November 2006 through 1 December 2006

ER -

Zhang Z, Ho PH, Lin X, Shen H. Janus: A two-sided analytical model for multi-stage coordinated attacks. In Information Security and Cryptology - ICISC 2006: 9th International Conference, Proceedings. Springer Verlag. 2006. p. 136-154. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11927587_13

Janus: A two-sided analytical model for multi-stage coordinated attacks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this