Assessing the genuineness of events in runtime monitoring of cyber systems

Tsigritis, T. & Spanoudakis, G. (2013). Assessing the genuineness of events in runtime monitoring of cyber systems. Computers and Security, 38, pp. 76-96. doi: 10.1016/j.cose.2013.03.011

[img]
Preview
PDF - Accepted Version
Download (1MB) | Preview

Abstract

Monitoring security properties of cyber systems at runtime is necessary if the preservation of such properties cannot be guaranteed by formal analysis of their specification. It is also necessary if the runtime interactions between their components that are distributed over different types of local and wide area networks cannot be fully analysed before putting the systems in operation. The effectiveness of runtime monitoring depends on the trustworthiness of the runtime system events, which are analysed by the monitor. In this paper, we describe an approach for assessing the trustworthiness of such events. Our approach is based on the generation of possible explanations of runtime events based on a diagnostic model of the system under surveillance using abductive reasoning, and the confirmation of the validity of such explanations and the runtime events using belief based reasoning. The assessment process that we have developed based on this approach has been implemented as part of the EVEREST runtime monitoring framework and has been evaluated in a series of simulations that are discussed in the paper.

Item Type: Article
Additional Information: NOTICE: this is the author’s version of a work that was accepted for publication in <Journal title>. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers & Security, Volume 38, October 2013, Pages 76–96, http://dx.doi.org/10.1016/j.cose.2013.03.011.
Uncontrolled Keywords: cyber system monitoring, event trustworthiness, belief based reasoning, abductive reasoning
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: School of Informatics > Department of Computing
URI: http://openaccess.city.ac.uk/id/eprint/2466

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics