Modeling and reconstruction of multi-stage attacks

Sergey Rubinshtein, Rami Puzis

2016 IEEE International Conference on Software Science, Technology and …, 2016

This paper presents a lightweight modeling technique that is suitable for attack description and reconstruction. It allows reconstruction of the steps taken by the attacker during each stage, using a predefined attack ontology and the traces left by the attacker. The simplicity and comprehensiveness of the proposed models make them readable and appropriate for inclusion in incident reports and investigation. At the same time, given a predefined ontology, the proposed modeling technique can be used to enhance reconstruction of attacks from forensic data.