New goal recognition algorithms using attack graphs

Reuth Mirsky, Ya’ar Shalom, Ahmad Majadly, Kobi Gal, Rami Puzis, Ariel Felner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

Goal recognition is the task of inferring the goal of an actor given its observed actions. Attack graphs are a common representation of assets, vulnerabilities, and exploits used for analysis of potential intrusions in computer networks. This paper introduces new goal recognition algorithms on attack graphs. The main challenges involving goal recognition in cyber security include dealing with noisy and partial observations as well as the need for fast, near-real-time performance. To this end we propose improvements to existing planning-based algorithms for goal recognition, reducing their time complexity and allowing them to handle noisy observations. We also introduce two new metric-based algorithms for goal recognition. Experimental results show that the metric based algorithms improve performance when compared to the planning based algorithms, in terms of accuracy and runtime, thus enabling goal recognition to be carried out in near-real-time. These algorithms can potentially improve both risk management and alert correlation mechanisms for intrusion detection.

Original languageEnglish
Title of host publicationCyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings
EditorsShlomi Dolev, Danny Hendler, Sachin Lodha, Moti Yung
PublisherSpringer Verlag
Pages260-278
Number of pages19
ISBN (Print)9783030209506
DOIs
StatePublished - 1 Jan 2019
Event3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019 - Beer Sheva, Israel
Duration: 27 Jun 201928 Jun 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11527 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019
Country/TerritoryIsrael
CityBeer Sheva
Period27/06/1928/06/19

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Fingerprint

Dive into the research topics of 'New goal recognition algorithms using attack graphs'. Together they form a unique fingerprint.

Cite this