Detecting Monitor Compromise using Evidential Reasoning

Title	Detecting Monitor Compromise using Evidential Reasoning
Publication Type	Presentation
Year of Publication	2018
Authors	Uttam Thakore, University of Illinois at Urbana-Champaign, Ahmed Fawaz, University of Illinois at Urbana-Champaign, William H. Sanders, University of Illinois at Urbana-Champaign
Keywords	evidential reasoning, Intrusion detection, machine learning, Monitoring, Fusion, and Response for Cyber Resilience, NSA SoS Lablets Materials, Resilient Architectures, science of security, security, UIUC
Abstract	Stealthy attackers often disable or tamper with system monitors to hide their tracks and evade detection. In this poster, we present a data-driven technique to detect such monitor compromise using evidential reasoning. Leveraging the fact that hiding from multiple, redundant monitors is difficult for an attacker, to identify potential monitor compromise, we combine alerts from different sets of monitors by using Dempster-Shafer theory, and compare the results to find outliers. We describe our ongoing work in this area.
Citation Key	node-54926

Other available formats:

Attachment	Taxonomy	Kind	Size
Detecting Monitor Compromise Using Evidential Reasoning	Science of Security evidential reasoning Intrusion Detection machine learning Science of Security security Resilient Architectures Monitoring, Fusion, and Response for Cyber Resilience UIUC UIUC NSA SoS Lablets Materials	PDF document	488.01 KB	Download Preview

Attachment	Size
	bytes