Poster: Detecting monitor compromise using evidential reasoning

Uttam Thakore, Ahmed Fawaz, William H Sanders

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Stealthy attackers often disable or tamper with system monitors to hide their tracks and evade detection. In this poster, we present a data-driven technique to detect such monitor compromise using evidential reasoning. Leveraging the fact that hiding from multiple, redundant monitors is difficult for an attacker, to identify potential monitor compromise, we combine alerts from different sets of monitors by using Dempster-Shafer theory, and compare the results to find outliers. We describe our ongoing work in this area.

Original language: English (US)
Title of host publication: Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450364553
DOIs: https://doi.org/10.1145/3190619.3191693
State: Published - Apr 10 2018
Event: 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018 - Raleigh, United States
Duration: Apr 10 2018 → Apr 11 2018

Publication series

Name: ACM International Conference Proceeding Series

Other

Other: 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018
Country: United States
City: Raleigh
Period: 4/10/18 → 4/11/18

Keywords

  • Evidential reasoning
  • Intrusion detection
  • Machine learning
  • Security

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Thakore, U., Fawaz, A., & Sanders, W. H. (2018). Poster: Detecting monitor compromise using evidential reasoning. In Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018 [3191693] (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3190619.3191693

@inproceedings{6e7fa55788e24935a31da9cf2b191af5,
title = "Poster: Detecting monitor compromise using evidential reasoning",
abstract = "Stealthy attackers often disable or tamper with system monitors to hide their tracks and evade detection. In this poster, we present a data-driven technique to detect such monitor compromise using evidential reasoning. Leveraging the fact that hiding from multiple, redundant monitors is difficult for an attacker, to identify potential monitor compromise, we combine alerts from different sets of monitors by using Dempster-Shafer theory, and compare the results to find outliers. We describe our ongoing work in this area.",
keywords = "Evidential reasoning, Intrusion detection, Machine learning, Security",
author = "Uttam Thakore and Ahmed Fawaz and Sanders, {William H}",
year = "2018",
month = "4",
day = "10",
doi = "10.1145/3190619.3191693",
language = "English (US)",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery",
booktitle = "Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018",

}

TY - GEN

T1 - Poster

T2 - Detecting monitor compromise using evidential reasoning

AU - Thakore, Uttam

AU - Fawaz, Ahmed

AU - Sanders, William H

PY - 2018/4/10

Y1 - 2018/4/10

N2 - Stealthy attackers often disable or tamper with system monitors to hide their tracks and evade detection. In this poster, we present a data-driven technique to detect such monitor compromise using evidential reasoning. Leveraging the fact that hiding from multiple, redundant monitors is difficult for an attacker, to identify potential monitor compromise, we combine alerts from different sets of monitors by using Dempster-Shafer theory, and compare the results to find outliers. We describe our ongoing work in this area.

AB - Stealthy attackers often disable or tamper with system monitors to hide their tracks and evade detection. In this poster, we present a data-driven technique to detect such monitor compromise using evidential reasoning. Leveraging the fact that hiding from multiple, redundant monitors is difficult for an attacker, to identify potential monitor compromise, we combine alerts from different sets of monitors by using Dempster-Shafer theory, and compare the results to find outliers. We describe our ongoing work in this area.

KW - Evidential reasoning

KW - Intrusion detection

KW - Machine learning

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85047224486&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85047224486&partnerID=8YFLogxK

U2 - 10.1145/3190619.3191693

DO - 10.1145/3190619.3191693

M3 - Conference contribution

AN - SCOPUS:85047224486

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018

PB - Association for Computing Machinery

ER -