Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Model-Based Response Planning Strategies for Autonomic Intrusion Protection

Model-Based Response Planning Strategies for Autonomic Intrusion Protection The continuous increase in the quantity and sophistication of cyberattacks is making it more difficult and error prone for system administrators to handle the alerts generated by intrusion detection systems (IDSs). To deal with this problem, several intrusion response systems (IRSs) have been proposed lately. IRSs extend the IDSs by providing an automatic response to the detected attack. Such a response is usually selected either with a static attack-response mapping or by quantitatively evaluating all available responses, given a set of predefined criteria. In this article, we introduce a probabilistic model-based IRS built on the Markov decision process (MDP) framework. In contrast to most existing approaches to intrusion response, the proposed IRS effectively captures the dynamics of both the defended system and the attacker and is able to compose atomic response actions to plan optimal multiobjective long-term response policies to protect the system. We evaluate the effectiveness of the proposed IRS by showing that long-term response planning always outperforms short-term planning, and we conduct a thorough performance assessment to show that the proposed IRS can be adopted to protect large distributed systems at runtime. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png ACM Transactions on Autonomous and Adaptive Systems (TAAS) Association for Computing Machinery

Model-Based Response Planning Strategies for Autonomic Intrusion Protection

Download PDF
23 pages

Loading next page...
 
/lp/association-for-computing-machinery/model-based-response-planning-strategies-for-autonomic-intrusion-0CEkAubFMU

References

References for this paper are not available at this time. We will be adding them shortly, thank you for your patience.

Publisher
Association for Computing Machinery
Copyright
Copyright © 2018 ACM
ISSN
1556-4665
eISSN
1556-4703
DOI
10.1145/3168446
Publisher site
See Article on Publisher Site

Abstract

The continuous increase in the quantity and sophistication of cyberattacks is making it more difficult and error prone for system administrators to handle the alerts generated by intrusion detection systems (IDSs). To deal with this problem, several intrusion response systems (IRSs) have been proposed lately. IRSs extend the IDSs by providing an automatic response to the detected attack. Such a response is usually selected either with a static attack-response mapping or by quantitatively evaluating all available responses, given a set of predefined criteria. In this article, we introduce a probabilistic model-based IRS built on the Markov decision process (MDP) framework. In contrast to most existing approaches to intrusion response, the proposed IRS effectively captures the dynamics of both the defended system and the attacker and is able to compose atomic response actions to plan optimal multiobjective long-term response policies to protect the system. We evaluate the effectiveness of the proposed IRS by showing that long-term response planning always outperforms short-term planning, and we conduct a thorough performance assessment to show that the proposed IRS can be adopted to protect large distributed systems at runtime.

Journal

ACM Transactions on Autonomous and Adaptive Systems (TAAS)Association for Computing Machinery

Published: Apr 16, 2018

Keywords: Intrusion response system

References

  • On the application of predictive control techniques for adaptive performance management of computing systems
    Abdelwahed, Sherif; Bai, Jia; Su, Rong; Kandasamy, Nagarajan
  • Akamai’s State of the Internet: Q3 2015 Report
    Akamai,
  • Dynamic Programming
    Bellman, R. E.
  • Learning deep architectures for AI
    Bengio, Yoshua
  • Network anomaly detection: Methods, systems and tools
    Bhuyan, Monowar H.; Bhattacharyya, Dhruba Kumar; Kalita, Jugal Kumar
  • Planning, learning and coordination in multiagent decision processes
    Boutilier, Craig
  • A comprehensive survey of multiagent reinforcement learning
    Busoniu, Lucian; Babuska, Robert; De Schutter, Bart
  • Moses: A framework for QoS driven runtime adaptation of service-oriented systems
    Cardellini, Valeria; Casalicchio, Emiliano; Grassi, Vincenzo; Iannucci, Stefano; Presti, Francesco Lo; Mirandola, Raffaela
  • A model-based validated autonomic approach to self-protect computing systems
    Chen, Qian; Abdelwahed, Sherif; Erradi, Abdelkarim
  • A reference model of information assurance and security
    Cherdantseva, Yulia; Hilton, Jeremy
  • NICE: Network intrusion detection and countermeasure selection in virtual network systems
    Chung, Chun-Jen; Khatkar, Pankaj; Xing, Tianyi; Lee, Jeongkeun; Huang, Dijiang
  • An object-oriented representation for efficient reinforcement learning
    Diuk, Carlos; Cohen, Andre; Littman, Michael L.
  • Test-driving Intel Xeon Phi
    Fang, Jianbin; Sips, Henk; Zhang, Lilun; Xu, Chuanfu; Che, Yonggang; Varbanescu, Ana Lucia
  • Non-deterministic policies in Markovian decision processes
    Fard, Mahdi Milani; Pineau, Joelle
  • A response cost model for advanced metering infrastructures
    Fawaz, Ahmed; Berthier, Robin; Sanders, William H.
  • A multi-attribute decision model for intrusion response system
    Fessi, B. A.; Benabdallah, S.; Boudriga, N.; Hamdi, M.
  • ADEPTS: Adaptive intrusion response using attack graphs in an e-commerce environment
    Foo, Bingrui; Wu, Yu-Sung; Mao, Yu-Chun; Bagchi, Saurabh; Spafford, Eugene
  • A cost-sensitive automated response system for SIP-based applications
    Ghasemi, Mansoureh; Asgharian, Hassan; Akbari, Ahmad
  • The autonomic computing paradigm
    Hariri, Salim; Khargharia, Bithika; Chen, Houping; Yang, Jingmei; Zhang, Yeliang; Parashar, Manish; Liu, Hua
  • Multiple Criteria Decision Making
    Hwang, C. L.; Yoon, K.
  • A probabilistic approach to autonomic security management
    Iannucci, Stefano; Abdelwahed, Sherif
  • Towards autonomic intrusion response systems
    Iannucci, Stefano; Abdelwahed, Sherif
  • High-performance intrusion response planning on many-core architectures
    Iannucci, Stefano; Chen, Qian; Abdelwahed, Sherif
  • Intrusion response systems: Foundations, design, and challenges
    Inayat, Zakira; Gani, Abdullah; Anuar, Nor Badrul; Khan, Muhammad Khuram; Anwar, Shahid
  • An Introduction to Bayesian Networks
    Jensen, Finn V.
  • Reinforcement learning: A survey
    Kaelbling, Leslie Pack; Littman, Michael L.; Moore, Andrew W.
  • A sparse sampling algorithm for near-optimal planning in large Markov decision processes
    Kearns, Michael; Mansour, Yishay; Ng, Andrew Y.
  • The vision of autonomic computing
    Kephart, J. O.; Chess, D. M.
  • Bandit based Monte-Carlo planning
    Kocsis, Levente; Szepesvári, Csaba
  • Toward cost-sensitive modeling for intrusion detection and response
    Lee, Wenke; Fan, Wei; Miller, Matthew; Stolfo, Salvatore J.; Zadok, Erez
  • Prioritized Sweeping Converges to the Optimal Value Function
    Li, L.; Littman, M. L.; Littman, L.
  • An Analysis of the IDS Penetration Tool: Metasploit
    Marquez, Carlos Joshua
  • A Complete Guide to the Common Vulnerability Scoring System: Version 2
    Mell, Peter; Scarfone, Karen; Romanosky, Sasha
  • QoS issues in Web services
    Menascé, Daniel A.
  • Optimal defense policies for partially observable spreading processes on Bayesian attack graphs
    Miehling, Erik; Rasouli, Mohammad; Teneketzis, Demosthenis
  • An intrusion response decision-making model based on hierarchical task network planning
    Mu, Chengpo; Li, Yingjiu
  • Towards automated incident handling: How to select an appropriate response against a network-based attack? In Proceedings of the 2015 9th International Conference on IT Security Incident Management and IT Forensics (IMF’15)
    Ossenbuhl, Sven; Steinberger, Jessica; Baier, Harald
  • Modified policy iteration algorithms for discounted Markov decision problems
    Puterman, Martin L.; Shin, Moon Chirl
  • Snort—lightweight intrusion detection for networks
    Roesch, Martin
  • The protection of information in computer systems
    Saltzer, Jerome H.; Schroeder, Michael D.
  • ORCEF: Online response cost evaluation framework for intrusion response system
    Shameli-Sendi, Alireza; Dagenais, Michel
  • A cost-sensitive model for preemptive intrusion response systems
    Stakhanova, Natalia; Basu, Samik; Wong, Johnny
  • The methodology for evaluating response cost for intrusion response systems
    Strasburg, Christopher Roy; Stakhanova, Natalia; Basu, Samik; Wong, Johnny S.
  • Evaluating the impact of automated intrusion response mechanisms
    Toth, Thomas; Kruegel, Christopher
  • A systematic survey of self-protecting software systems
    Yuan, Eric; Esfahani, Naeem; Malek, Sam
  • A hierarchical and factored POMDP based automated intrusion response framework
    Zan, Xin; Gao, Feng; Han, Jiuqiang; Liu, Xiaoyong; Zhou, Jiaping
  • RRE: A game-theoretic intrusion response and recovery engine
    Zonouz, Saman A.; Khurana, Himanshu; Sanders, William H.; Yardley, Timothy M.