Towards probabilistic identification of zero-day attack paths

Xiaoyan Sun, Jun Dai, Peng Liu, Anoop Singhal, John Yen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

23 Scopus citations

Abstract

Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi-step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero-day threats. In this paper, we propose a probabilistic approach to identify zero-day attack paths and implement a prototype system named ZePro. An object instance graph is first built from system calls to capture the intrusion propagation. To further reveal the zero-day attack paths hiding in the instance graph, our system constructs an instance-graph-based Bayesian network. By leveraging intrusion evidence, the Bayesian network can quantitatively compute the probabilities of object instances being infected. The object instances with high infection probabilities reveal themselves and form the zero-day attack paths. The experiment results show that our system can effectively identify zero-day attack paths.

Original languageEnglish (US)
Title of host publication2016 IEEE Conference on Communications and Network Security, CNS 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages64-72
Number of pages9
ISBN (Electronic)9781509030651
DOIs
StatePublished - Feb 21 2017
Event2016 IEEE Conference on Communications and Network Security, CNS 2016 - Philadelphia, United States
Duration: Oct 17 2016Oct 19 2016

Publication series

Name2016 IEEE Conference on Communications and Network Security, CNS 2016

Other

Other2016 IEEE Conference on Communications and Network Security, CNS 2016
Country/TerritoryUnited States
CityPhiladelphia
Period10/17/1610/19/16

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Towards probabilistic identification of zero-day attack paths'. Together they form a unique fingerprint.

Cite this