ARITO: Cyber-attack response system using accurate risk impact tolerance

Authors: Alireza Shameli-Sendi, Michel Dagenais

DOI: 10.1007/S10207-013-0222-9

Keywords:

Abstract: We propose a novel approach for automated intrusion response systems to assess the value of loss that could be suffered by compromised resource. A risk assessment component measures impact and is tightly integrated with our system component. When total exceeds certain threshold, selection mechanism applies one or more responses. multi-level proposed gauge damage (attack progress) relative impact. This model proposes feedback mechanism, which goodness helps indicate new level following application response(s). Not only does constitutes online activation deactivation based on impact, it also addresses factors inherent in assessing calculating effectiveness are complex terms detail. have designed sophisticated multi-step attack penetrate Web servers, as well acquire root privilege. Our simulation results illustrate efficiency confirm feasibility real time. At end paper, we discuss various ways an attacker might succeed completely bypassing system.

References (23)
Nizar Kheir, Nora Cuppens-Boulahia, Frédéric Cuppens, Hervé Debar. A service dependency model for cost-sensitive intrusion response. European Symposium on Research in Computer Security, pp. 626-642 (2010). DOI: 10.1007/978-3-642-15497-3_38
Sushil Jajodia, Steven Noel, Lingyu Wang, Anoop Singhal. Measuring Security Risk of Networks Using Attack Graphs. International Journal of Next-Generation Computing, vol. 1, pp. 135-147 (2010).
C. P. Mu, X. J. Li, H. K. Huang, S. F. Tian. Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory. European Symposium on Research in Computer Security, pp. 35-48 (2008). DOI: 10.1007/978-3-540-88313-5_3
Ashish Gehani, Gershon Kedem. RheoStat: Real-Time Risk Management. Recent Advances in Intrusion Detection, pp. 296-314 (2004). DOI: 10.1007/978-3-540-30143-1_16
Ivan Balepin, Sergei Maltsev, Jeff Rowe, Karl Levitt. Using specification-based intrusion detection for Automated response. Recent Advances in Intrusion Detection, pp. 136-154 (2003). DOI: 10.1007/978-3-540-45248-5_8
Natalia Stakhanova, Chris Strasburg, Samik Basu, Johnny S. Wong. Towards cost-sensitive assessment of intrusion response selection. Journal of Computer Security, vol. 20, pp. 169-198 (2012). DOI: 10.3233/JCS-2011-0436
Wenke Lee, Wei Fan, Matthew Miller, Salvatore J. Stolfo, Erez Zadok. Toward cost-sensitive modeling for intrusion detection and response. Journal of Computer Security, vol. 10, pp. 5-22 (2002). DOI: 10.3233/JCS-2002-101-202
Naser Ezzati-Jivan, Michel R. Dagenais. A stateful approach to generate synthetic events from Kernel traces. Advances in Software Engineering, vol. 2012, pp. 6- (2012). DOI: 10.1155/2012/140368
Alireza Shameli Sendi, Masoume Jabbarifar, Mehdi Shajari, Michel Dagenais. FEMRA: Fuzzy Expert Model for Risk Assessment. International Conference on Internet Monitoring and Protection, pp. 48-53 (2010). DOI: 10.1109/ICIMP.2010.15
Chengpo Mu, Yingjiu Li. An intrusion response decision-making model based on hierarchical task network planning. Expert Systems With Applications, vol. 37, pp. 2465-2472 (2010). DOI: 10.1016/J.ESWA.2009.07.079