Comments (12)
http://horicky.blogspot.com/2010/07/google-pregel-graph-processing.html
Original comment by [email protected]
on 16 Jul 2012 at 5:42
from collective-intelligence-framework.
https://groups.google.com/d/topic/ci-framework/loLVy0JmlFE/discussion
Original comment by [email protected]
on 16 Jul 2012 at 5:44
http://inductionapp.com/
Original comment by [email protected]
on 16 Jul 2012 at 7:21
gephi.org
Original comment by [email protected]
on 16 Jul 2012 at 7:22
http://csis.gmu.edu/noel/pubs/2006_CompComm.pdf
http://people.cis.ksu.edu/~halmohri/files/An%20Attack%20Graph-Based%20Probabilistic%20Security%20Metric.pdf
http://csrc.nist.gov/staff/Singhal/qop2008_DBN_paper.pdf
Original comment by [email protected]
on 16 Jul 2012 at 9:20
Correlating Intrusion Events and Building Attack Scenarios through Attack Graph Distances
http://users.encs.concordia.ca/~wang/idsj.pdf
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
http://acsac.org/2004/papers/49.pdf
Original comment by [email protected]
on 17 Jul 2012 at 9:41
MulVAL: A logic-based network security analyzer
http://people.cis.ksu.edu/~xou/mulval/
Original comment by [email protected]
on 18 Jul 2012 at 2:44
The first step is probably determining the format and storage mechanism for the
graph. Rules such as what will be nodes, what will be edges, where attributes
are recorded, etc. will lead to fundamental constraints on how the graph can be
used later on (since some graph algorithms require graphs to meet certain
constraints).
Also, the storage of the graph will be critical. The method for storing the
graph will have a direct effect on how quickly it can be searched. Some
notional use-cases will probably be necessary to understand how to store the
data.
Once the structure is created, modules implementing various uses can then be
created, such as:
- Search for likely attack paths and expected sensor outputs for those paths
- Given a sensor state, likely malicious events and vulnerable conditions on the
network.
- Given an event with arbitrary attributes, what are likely threats/consequences
associated with that event.
Original comment by [email protected]
on 19 Jul 2012 at 2:16
To form a graph just to start messing around with, you can take the format for
importing spreadsheets from gephi's site
(https://gephi.org/users/supported-graph-formats/spreadsheet/) and just throw
two tables together (one for nodes and one for edges).
Then fill it with some data. I created a bunch of ways to break into my home
network (email scam, SMS scam, cold call tech support, direct attack on my
servers, direct attack based on IP address from my email, etc.). You can have
different threats (internet criminal, online enemy, hacktivist, etc.). You can
have multiple consequences (steals your banking information, steals your
contact information, wipes your computers, turns on your webcams, etc.).
You should get a nice little graph going.
From there, look up Breadth First Search (BFS,
http://en.wikipedia.org/wiki/Breath_first_search) and Depth First Search (DFS,
http://en.wikipedia.org/wiki/Depth-first_search). Code up some quick examples
and practice using them for looking for things in your graph (or updating
values). This is most analogous to the Intrusion Detection Problem.
The next thing I did was give distances to the edges to represent likelihood
and then implemented Dijkstra's shortest path algorithm
(http://www.vogella.com/articles/JavaAlgorithmsDijkstra/article.html) but
slightly modified to find the longest path (highest risk) and to multiply
rather than add the distance.
Original comment by [email protected]
on 19 Jul 2012 at 8:23
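A worked version of the two preceding comments (a node table plus an edge table in Gephi's spreadsheet layout, BFS over it, and Dijkstra modified to multiply likelihoods instead of adding distances, plus the "given an event, which threats/consequences" lookups). This is an added example, not code from the CIF project or from the commenters. The node ids, labels, edge weights and CSV text are constructed for illustration, and treating an edge weight as the probability that an attacker at the source node also reaches the target node is an assumption of this example.

```python
# Added example: toy attack graph with BFS and a multiply-instead-of-add Dijkstra.
import csv
import heapq
import io
import math
from collections import deque

# Constructed sample data in Gephi's spreadsheet layout: a nodes table
# (Id, Label, Type) and an edges table (Source, Target, Weight). ASSUMPTION:
# Weight is the likelihood that an attacker who reached Source also reaches
# Target, so a path's likelihood is the product of its edge weights.
NODES_CSV = """Id,Label,Type
t1,internet criminal,threat
t2,hacktivist,threat
a1,email scam,attack
a2,SMS scam,attack
a3,direct attack on servers,attack
c1,steals banking information,consequence
c2,wipes computers,consequence
"""

EDGES_CSV = """Source,Target,Weight
t1,a1,0.6
t1,a2,0.3
t1,a3,0.2
t2,a3,0.7
a1,c1,0.5
a2,c1,0.4
a3,c1,0.3
a3,c2,0.6
"""


def load_graph(nodes_csv, edges_csv):
    """Parse the two tables into a node dict and a directed adjacency list."""
    nodes = {row["Id"]: row for row in csv.DictReader(io.StringIO(nodes_csv))}
    adj = {node_id: [] for node_id in nodes}
    for row in csv.DictReader(io.StringIO(edges_csv)):
        src, dst, w = row["Source"], row["Target"], float(row["Weight"])
        if src not in nodes or dst not in nodes:
            raise ValueError(f"edge {src}->{dst} references an unknown node")
        if not 0.0 < w <= 1.0:
            raise ValueError(f"edge {src}->{dst}: likelihood {w} not in (0, 1]")
        adj[src].append((dst, w))
    return nodes, adj


def bfs(adj, start):
    """Breadth-first search: every node reachable from start, in hop order."""
    seen, order, queue = {start}, [], deque([start])
    while queue:
        cur = queue.popleft()
        order.append(cur)
        for nxt, _ in adj[cur]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return order


def consequences_of(nodes, adj, start):
    """Given an observed event/attack node, the consequences reachable from it."""
    return sorted(n for n in bfs(adj, start) if nodes[n]["Type"] == "consequence")


def threats_behind(nodes, adj, start):
    """Search the reversed graph: which threat actors could be behind a node."""
    reverse = {n: [] for n in adj}
    for src, edges in adj.items():
        for dst, w in edges:
            reverse[dst].append((src, w))
    return sorted(n for n in bfs(reverse, start) if nodes[n]["Type"] == "threat")


def most_likely_path(adj, start, goal):
    """Dijkstra adapted to multiply likelihoods and keep the largest product.
    Ordinary Dijkstra over cost = -log(weight) is the same search: costs are
    additive and non-negative (weights <= 1), and exp(-total) is the product."""
    dist, prev, heap = {start: 0.0}, {}, [(0.0, start)]
    while heap:
        d, cur = heapq.heappop(heap)
        if d > dist[cur]:
            continue  # stale heap entry
        if cur == goal:
            break
        for nxt, w in adj[cur]:
            nd = d - math.log(w)
            if nd < dist.get(nxt, math.inf):
                dist[nxt], prev[nxt] = nd, cur
                heapq.heappush(heap, (nd, nxt))
    if goal not in dist:
        return None, 0.0
    path = [goal]
    while path[-1] != start:
        path.append(prev[path[-1]])
    path.reverse()
    return path, math.exp(-dist[goal])


if __name__ == "__main__":
    nodes, adj = load_graph(NODES_CSV, EDGES_CSV)
    for threat in ("t1", "t2"):
        path, p = most_likely_path(adj, threat, "c1")
        print(f"{threat} -> c1: {path} likelihood={p:.3f}")
    print("threats behind c2:", threats_behind(nodes, adj, "c2"))
```

The -log transform is what makes the "multiply and take the highest" variant safe: because every weight is at most 1, a path's likelihood can only shrink as it grows, which is exactly the non-negative-cost condition Dijkstra's greedy argument needs. A true longest-path search over arbitrary edge scores does not have that property and is NP-hard in general, so keep the weights in (0, 1] and reject anything else at load time, as load_graph does.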
Based on Joe Stewart's "Chasing APT" brief from Blackhat, it appears they
already have a robust graph of threats and threat attributes. If that could be
married with a graph of attacks from Verizon's DBIR, you would have a clear
connection between threats and attacks (and potential attacks). If you then
mapped events from sensors (including non-security events), you could then
search through the DBIR portion of the graph back to the "Chasing APT" portion
of the graph to find threat actors.
Original comment by [email protected]
on 10 Aug 2012 at 6:14
Original comment by [email protected]
on 17 Oct 2012 at 4:19
- Added labels: Milestone-Wishlist
https://github.com/collectiveintel/cif-v2/issues/22
Original comment by [email protected]
on 5 Apr 2013 at 2:52
- Changed state: Duplicate