Dynamic Optimal Countermeasure Selection for Intrusion Response System

Shameli‐Sendi, Alireza; Louafi, Habib; He, Wenbo; Cheriet, Mohamed

doi:10.1109/tdsc.2016.2615622

Cited by 49 publications

(42 citation statements)

References 25 publications

(35 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Having discussed systems that recover from intrusions and showed that it is not enough to withstand them, we now discuss intrusion response systems [5,20,62] that focus on applying responses to limit the impact of an intrusion.…”

Section: Intrusion Response Systemsmentioning

confidence: 99%

“…One area of focus of prior work is on how to model intrusion damages, or response costs, to select responses. Previous approaches either rely on directed graphs about system resources and cost models [5], on attack graphs [20], or attack defense trees [62]. Shameli-Sendi et al [62] use Multi-Objective Optimization (MOO) methods to select an optimal response based on such models.…”

Section: Intrusion Response Systemsmentioning

confidence: 99%

“…However, existing approaches apply coarse-grained responses that affect the whole system and not just the compromised services [20] (e.g., blocking port 80 for the whole system because a single compromised service uses this port maliciously). They also rely on a strong assumption of having complete knowledge of the vulnerabilities present and used by the attacker [20,62] to select responses.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Survivor

Chevalier

Plaquin

Dalton

et al. 2019

Proceedings of the 35th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an orchestration of fine-grained recovery and per-service responses (e.g., privileges removal). Such an approach may put the system into a degraded mode. This degraded mode prevents attackers to reinfect the system or to achieve their goals if they managed to reinfect it. It maintains the availability of core functions while waiting for patches to be deployed. We devised a cost-sensitive response selection process to ensure that while the service is in a degraded mode, its core functions are still operating. We built a Linux-based prototype and evaluated the effectiveness of our approach against different types of intrusions. The results show that our solution removes the effects of the intrusions, that it can select appropriate responses, and that it allows services to survive when reinfected. In terms of performance overhead, in most cases, we observed a small overhead, except in the rare case of services that write many small files asynchronously in a burst, where we observed a higher but acceptable overhead. CCS CONCEPTS• Security and privacy → Operating systems security; Malware and its mitigation.

show abstract

Section: Intrusion Response Systemsmentioning

confidence: 99%

Section: Intrusion Response Systemsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Survivor

Chevalier

Plaquin

Dalton

et al. 2019

Proceedings of the 35th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…In [8] authors stated that use of common path mining helps hybrid IDS for better detection. Data mining is used for the building of a power system which operates on data logs.…”

Section: Literature Surveymentioning

confidence: 99%

Intrusion Detection System for Large Scale Data using Machine Learning Algorithms

Kshirsagar¹,

Kumbharkar²

2019

IJEAT

View full text Add to dashboard Cite

To provide security to internet assets, Intrusion Detection System (IDS) is most essential constituent. Due to various network attacks it is very hard to detect malicious activities from remote user as well as remote machines. In such a manner it is mandatory to analyze such activities which are normal or malicious. Due to insufficient background knowledge of system it is hard to detect malicious activities of system. In this work we proposed intrusion detection system using various soft computing algorithms, the system has categorized into three different sections, in first section we execute the data preprocessing as well as generate background knowledge of system according to two training data set as well as combination genetic algorithm. Once the background knowledge has generated system executes for prevention mode. In prevention mode basically it works for defense mechanism from various networks and host attacks. System uses two data sets which contain around 42 attributes. The system is able to support for NIDS as well as HIDS respectively. The result section will show how proposed system is better than classical machine learning algorithms. With the help of various comparative graphs as well as detection rate of systems we conclude proposed system provides the drastic supervision in vulnerable network environment. The average accuracy of proposed system is 100% for DOS attacks as well as around more than 90% plus accuracy for other as well as unknown attacks respectively.

show abstract

“…en, appropriate defense strategies can be selected through cut-set analysis, game theory, and other methods. For example, Shameli-Sendi et al [13] used ADTree to establish a security model and then proposed a dynamic defense framework that selects an optimal countermeasure by considering the security benefit and attack damage cost. Wang and Liu [14] established a systematic attack defense game model based on the return on attack (ROA) and return on investment (ROI) of an ADTree.…”

Section: Introductionmentioning

confidence: 99%

A Minimum Defense Cost Calculation Method for Attack Defense Trees

Zhong

2020

Security and Communication Networks

View full text Add to dashboard Cite

The cyberphysical system (CPS) is becoming the infrastructure of society. Unfortunately, the CPS is vulnerable to cyberattacks, which may cause environmental pollution, property losses, and even casualties. Furthermore, in contrast to the conventional Internet, the devices in CPSs are more specific, and the device systems may not be upgraded or installed with new programs during their life spans. The selection of the best defense nodes for defeating cyberattacks is quite challenging in CPSs. To overcome this issue, several attack-defense modeled methods have been proposed. However, few existing studies have considered the defense cost, which is usually a determinant in practice. In this paper, we propose a method for choosing optimal defense nodes that (1) can defeat specific attacks and (2) are inexpensive. First, the atom attack defense tree (A2DTree) is proposed by adding constraints to the conventional attack defense tree (ADTree). Second, the algebraic method is used to efficiently calculate the minimum defense cost. On this basis, a minimum defense cost calculation tool is designed and implemented. Finally, the effectiveness of the proposed method is verified with two typical case studies, and a comparative experiment of related work is carried out. The results show that the method can correctly and efficiently identify the optimal defense nodes and calculate the minimum defense cost of a CPS.

show abstract

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Cited by 49 publications

References 25 publications

Survivor

Survivor

Intrusion Detection System for Large Scale Data using Machine Learning Algorithms

A Minimum Defense Cost Calculation Method for Attack Defense Trees

Contact Info

Product

Resources

About