ADAPT: A Game Inspired Attack-Defense and Performance Metric Taxonomy

Simmons, Chris; Shiva, Sajjan G.; Bedi, Harkeerat; Shandilya, Vivek

doi:10.1007/978-3-642-39218-4_26

Cited by 9 publications

(13 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using attack components, a set of metrics are defined and used by an attack defense performance taxonomy (ADAPT system [8]). This system is game model-based.…”

Section: Detection and Response Solutionsmentioning

confidence: 99%

A Novel Security Architecture Based on Multi-level Rule Expression Language

Souissi

Sliman

Charroux

2015

Hybrid Intelligent Systems

View full text Add to dashboard Cite

International audienceThis paper introduces an attack detection and response system based on multi-level rule expression language. It provides a framework to evaluate, identify, classify and defend against sophisticated attacks. Our approach helps simplifying complex rules' expression and alert handling, thanks to a modular architecture and an intuitive rules along with a powerful expression language. The proposed system is flexible and takes into account several attack properties in order to simplify attack handling and aggregate defense mechanisms. 1 Introduction Security aims at protecting firm resources from undesired access by users and applications. Improving security in enterprise information system relies on analyzing threats, risks and vulnerabilities to specify appropriate countermeasures. This imposes several challenges to tackle with security issues. One of these challenges is detection and mitigation of attacks. To deal with the growing complexity of new attacks, several solutions such as intrusion detection and prevention systems (IDS/IPS) and web application firewalls (WAF) have been proposed. These solutions can be based either on signature or on behavior detection. They play an important role in countering security threats. Signature based system tend to use static rules and to detect only specific attacks or anomalous behaviors that are already known. In anomaly-based case, they need learning process and detection is more complex. In addition, attack detection techniques are far from being satisfactory [1]. In fact, solutions like IDSs provide unmanageable amount of " false positives " alarms which are hard to inspect. Furthermore, many detection systems do not offer an appropriate compromise between acceptable performance and detection language simplicity

show abstract

“…Using attack components, a set of metrics are defined and used by an attack defense performance taxonomy (ADAPT system [8]). This system is game model-based.…”

Section: Detection and Response Solutionsmentioning

confidence: 99%

A Novel Security Architecture Based on Multi-level Rule Expression Language

Souissi

Sliman

Charroux

2015

Hybrid Intelligent Systems

View full text Add to dashboard Cite

show abstract

“…Then these inputs and submitted 6 to the KMS appropriately by the GCU 7 . The information is analyzed and attack/attacks is/are identified using attack identification system.…”

Section: Operational Flowmentioning

confidence: 99%

“…Not only different attacks warrant for different games to be played with different appropriate game models, different scenarios with same kind of attack may need different game models with 6 The GIDA Action Agent uses the first lookup table for this. 7 A typical example for this would be when two different sensors detect slight anomalies, but individual neither large enough to warrant a standard reflex action, as per sensor/actuator policies. different considerations of rewards and transition functions.…”

Section: Game Model Repositorymentioning

confidence: 99%

“…[7] presents the architecture to construct a security system based on the game theory approach. The generic game model and the game here are useful to derive different game models and instantiate games, appropriate for different 1 Administrator, as the sensor of the user is considered to be error free we are considering here the worst case scenario for the administrator.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On a Generic Security Game Model

Shandilya¹,

Shiva²

2017

IJCNS

Self Cite

View full text Add to dashboard Cite

To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic enough to capture various modes of such interactions. The model facilitates stochastic games with imperfect information. The information is imperfect due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over other multiple states, we use Euclidean distances between the outputs of the sensors. We build a 5-state game to represent the interaction of the administrator with the user. The states correspond to 1) the user being out of the system in the Internet, and after logging in to the system; 2) having low privileges; 3) having high privileges; 4) when he successfully attacks and 5) gets trapped in a honeypot by the administrator. Each state has its own action set. We present the game with a distinct perceived action set corresponding to each distinct information set of these states. The model facilitates stochastic games with imperfect information. The imperfect information is due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over the states, we use Euclidean distances between outputs of the sensors. A numerical simulation of an example game is presented to show the evaluation of rewards to the players and the preferred strategies. We also present the conditions for formulating the strategies when dealing with more than one attacker and making collaborations.

show abstract

“…In addition, several mitigation approaches utilize game-theoretic techniques [27]- [30]. In general, DDoS attacks are modeled as a game between each attacker node and the defender.…”

Section: Related Workmentioning

confidence: 99%

Trustworthy DDoS Defense: Design, Proof of Concept Implementation and Testing

Eid

Aida

2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks based on HTTP and HTTPS (i.e., HTTP(S)-DDoS) are increasingly popular among attackers. Overlay-based mitigation solutions attract small and mediumsized enterprises mainly for their low cost and high scalability. However, conventional overlay-based solutions assume content inspection to remotely mitigate HTTP(S)-DDoS attacks, prompting trust concerns. This paper reports on a new overlay-based method which practically adds a third level of client identification (to conventional per-IP and per-connection). This enhanced identification enables remote mitigation of more complex HTTP(S)-DDoS categories without content inspection. A novel behaviorbased reputation and penalty system is designed, then a simplified proof of concept prototype is implemented and deployed on DeterLab. Among several conducted experiments, two are presented in this paper representing a single-vector and a multi-vector complex HTTP(S)-DDoS attack scenarios (utilizing LOIC, Slowloris, and a custom-built attack tool for HTTPS-DDoS). Results show nearly 99.2% reduction in attack traffic and 100% chance of legitimate service. Yet, attack reduction decreases, and cost in service time (of a specified file) rises, temporarily during an approximately 2 minutes mitigation time. Collateral damage to non-attacking clients sharing an attack IP is measured in terms of a temporary extra service time. Only the added identification level was utilized for mitigation, while future work includes incorporating all three levels to mitigate switching and multi-request per connection attack categories.

show abstract

ADAPT: A Game Inspired Attack-Defense and Performance Metric Taxonomy

Cited by 9 publications

References 24 publications

A Novel Security Architecture Based on Multi-level Rule Expression Language

A Novel Security Architecture Based on Multi-level Rule Expression Language

On a Generic Security Game Model

Trustworthy DDoS Defense: Design, Proof of Concept Implementation and Testing

Contact Info

Product

Resources

About