TY - GEN
T1 - New goal recognition algorithms using attack graphs
AU - Mirsky, Reuth
AU - Shalom, Ya’ar
AU - Majadly, Ahmad
AU - Gal, Kobi
AU - Puzis, Rami
AU - Felner, Ariel
N1 - Publisher Copyright: © Springer Nature Switzerland AG 2019.
PY - 2019/1/1
Y1 - 2019/1/1
N2 - Goal recognition is the task of inferring the goal of an actor given its observed actions. Attack graphs are a common representation of assets, vulnerabilities, and exploits used for analysis of potential intrusions in computer networks. This paper introduces new goal recognition algorithms on attack graphs. The main challenges involving goal recognition in cyber security include dealing with noisy and partial observations as well as the need for fast, near-real-time performance. To this end we propose improvements to existing planning-based algorithms for goal recognition, reducing their time complexity and allowing them to handle noisy observations. We also introduce two new metric-based algorithms for goal recognition. Experimental results show that the metric-based algorithms improve performance when compared to the planning-based algorithms, in terms of accuracy and runtime, thus enabling goal recognition to be carried out in near-real-time. These algorithms can potentially improve both risk management and alert correlation mechanisms for intrusion detection.
UR - http://www.scopus.com/inward/record.url?scp=85068209424&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-20951-3_23
DO - 10.1007/978-3-030-20951-3_23
M3 - Conference contribution
AN - SCOPUS:85068209424
SN - 9783030209506
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 260
EP - 278
BT - Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings
A2 - Dolev, Shlomi
A2 - Hendler, Danny
A2 - Lodha, Sachin
A2 - Yung, Moti
PB - Springer Verlag
T2 - 3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019
Y2 - 27 June 2019 through 28 June 2019
ER -