Spring, JM; Pym, D; (2018) Towards Scientific Incident Response. In: Bushnell, Linda and Basar, Tamer and Poovendran, Radha, (eds.) Proceedings of the 9th International Conference on Decision and Game Theory for Security. (pp. 398-417). Springer Nature: Cham, Switzerland.
Abstract
A scientific incident analysis is one with a methodical, justifiable approach to the human decision-making process. Incident analysis is a good target for additional rigor because it is the most human-intensive part of incident response. Our goal is to provide the tools necessary for specifying precisely the reasoning process in incident analysis. Such tools are lacking, and are a necessary (though not sufficient) component of a more scientific analysis process. To reach this goal, we adapt tools from program verification that can capture and test abductive reasoning. As Charles Peirce coined the term in 1900, “Abduction is the process of forming an explanatory hypothesis. It is the only logical operation which introduces any new idea.” We reference canonical examples as paradigms of decision-making during analysis. With these examples in mind, we design a logic capable of expressing decision-making during incident analysis. The result is that we can express, in machine-readable and precise language, the abductive hypotheses that an analyst makes, and the results of evaluating them. This result is beneficial because it opens up the opportunity of genuinely comparing analyst processes without revealing sensitive system details, as well as opening an opportunity towards improved decision-support via limited automation.
| Type: | Proceedings paper |
|---|---|
| Title: | Towards Scientific Incident Response |
| Event: | 9th International Conference on Decision and Game Theory for Security (GameSec 2018), 29-31 October 2018, Seattle, WA, USA |
| ISBN-13: | 9783030015534 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1007/978-3-030-01554-1_23 |
| Publisher version: | https://doi.org/10.1007/978-3-030-01554-1_23 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
| Keywords: | Incident response, Digital forensics, Science of security, Mathematical modelling, Logical modelling, Intrusion analysis |
| UCL classification: | UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10056619 |