{"title":"Modeling and Reconstruction of Multi-stage Attacks","authors":"S. Rubinshtein, Rami Puzis","doi":"10.1109/SWSTE.2016.27","DOIUrl":null,"url":null,"abstract":"This paper present a lightweight modeling technique that is suitable for attack description and reconstruction. It allows reconstruction of steps taken by the attacker during each stage using predefined attack ontology and traces left by the attacker. Simplicity and comprehensiveness of the proposed models makes them readable and appropriate for inclusion in incidence reports and investigation. At the same time given a predefined ontology the proposed modeling technique can be used to enhance reconstruction of attacks from forensic data.","PeriodicalId":118525,"journal":{"name":"2016 IEEE International Conference on Software Science, Technology and Engineering (SWSTE)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Conference on Software Science, Technology and Engineering (SWSTE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SWSTE.2016.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3
Abstract
This paper presents a lightweight modeling technique that is suitable for attack description and reconstruction. It allows reconstruction of the steps taken by the attacker during each stage using a predefined attack ontology and traces left by the attacker. The simplicity and comprehensiveness of the proposed models make them readable and appropriate for inclusion in incident reports and investigations. At the same time, given a predefined ontology, the proposed modeling technique can be used to enhance reconstruction of attacks from forensic data.