Cyber threat analysis with structured probabilistic argumentation
Simari G. I.; Simari G. R.
2019-01-01
Abstract
Capturing the uncertain aspects in cyber threat analyses is an important part of a wide range of efforts, including diagnostics, threat evaluation, and preventing attacks. However, there has been insufficient research and development of modeling approaches that are able to correctly capture and handle such uncertainty. In this work, we present an application example of the DeLP3E framework - a formalism that extends structured argumentation based on logic programming - in the domain of cyber threat analysis; in particular, near real-time analyses such as incident response in enterprise networks. The DeLP3E framework provides a unique combination of dialectical reasoning, rule-based inference, and probabilistic modeling to not only offer suggested responses to given situations, but also to explain to the analyst why the system reaches its conclusions.


