Poster: Detecting monitor compromise using evidential reasoning

Uttam Thakore, Ahmed Fawaz, William H. Sanders

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Stealthy attackers often disable or tamper with system monitors to hide their tracks and evade detection. In this poster, we present a data-driven technique to detect such monitor compromise using evidential reasoning. Because hiding from multiple, redundant monitors is difficult for an attacker, we identify potential monitor compromise by combining alerts from different sets of monitors using Dempster-Shafer theory and comparing the results to find outliers. We describe our ongoing work in this area.

Original language: English (US)
Title of host publication: Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450364553
DOIs: https://doi.org/10.1145/3190619.3191693
State: Published - Apr 10 2018
Event: 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018 - Raleigh, United States
Duration: Apr 10 2018 to Apr 11 2018

Publication series

Name: ACM International Conference Proceeding Series

Other

Other: 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018
Country: United States
City: Raleigh
Period: 4/10/18 to 4/11/18

Keywords

  • Evidential reasoning
  • Intrusion detection
  • Machine learning
  • Security

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Thakore, U., Fawaz, A., & Sanders, W. H. (2018). Poster: Detecting monitor compromise using evidential reasoning. In Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2018 [3191693] (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3190619.3191693