Janus: A two-sided analytical model for multi-stage coordinated attacks

Zonghua Zhang, Pin Han Ho, Xiaodong Lin, Hong Shen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Citations (Scopus)


Multi-stage coordinated attacks (MSCA) bring many challenges to security analysts due to their special temporal and spatial characteristics. This paper presents a two-sided model, Janus, to characterize and analyze the behavior of attacker and defender in MSCA. Their behavior is first formulated as a Multi-agent Partially Observable Markov Decision Process (MPO-MDP). An ANTS algorithm is then developed from the perspective of the attacker to approximately search for attack schemes with the minimum cost, and another backward searching algorithm, APD-BS, is designed from the defender's standpoint to seek the pivots of attack schemes in order to effectively countermine them by removing those key observations associated with the system state estimates. Two case studies are conducted to show the application of our models and algorithms to practical scenarios, and some preliminary analyses are also given to validate their performance and advantages.

Original language: English
Title of host publication: Information Security and Cryptology - ICISC 2006
Subtitle of host publication: 9th International Conference, Proceedings
Publisher: Springer Verlag
Number of pages: 19
ISBN (Print): 3540491120, 9783540491125
Publication status: Published - 2006
Externally published: Yes
Event: ICISC 2006: 9th International Conference on Information Security and Cryptology - Busan, Korea, Republic of
Duration: 30 Nov 2006 to 1 Dec 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4296 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: ICISC 2006: 9th International Conference on Information Security and Cryptology
Country/Territory: Korea, Republic of

