City Research Online

Assessing the genuineness of events in runtime monitoring of cyber systems

Tsigritis, T. and Spanoudakis, G. (2013). Assessing the genuineness of events in runtime monitoring of cyber systems. Computers and Security, 38, pp. 76-96. doi: 10.1016/j.cose.2013.03.011

Abstract

Monitoring security properties of cyber systems at runtime is necessary if the preservation of such properties cannot be guaranteed by formal analysis of their specification. It is also necessary if the runtime interactions between their components that are distributed over different types of local and wide area networks cannot be fully analysed before putting the systems in operation. The effectiveness of runtime monitoring depends on the trustworthiness of the runtime system events, which are analysed by the monitor. In this paper, we describe an approach for assessing the trustworthiness of such events. Our approach is based on the generation of possible explanations of runtime events based on a diagnostic model of the system under surveillance using abductive reasoning, and the confirmation of the validity of such explanations and the runtime events using belief based reasoning. The assessment process that we have developed based on this approach has been implemented as part of the EVEREST runtime monitoring framework and has been evaluated in a series of simulations that are discussed in the paper.

Publication Type: Article
Additional Information: NOTICE: this is the author’s version of a work that was accepted for publication in <Journal title>. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers & Security, Volume 38, October 2013, Pages 76–96, http://dx.doi.org/10.1016/j.cose.2013.03.011.
Publisher Keywords: cyber system monitoring, event trustworthiness, belief based reasoning, abductive reasoning
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: School of Mathematics, Computer Science & Engineering > Computer Science
URI: http://openaccess.city.ac.uk/id/eprint/2466
PDF - Accepted Version