Combining intrusion detection and recovery for enhancing system dependability

  • Authors:
  • Ajay Nagarajan;Quyen Nguyen;Robert Banks;Arun Sood

  • Affiliations:
  • International Cyber Center and Department of Computer Science, George Mason University, Fairfax, VA 22030;International Cyber Center and Department of Computer Science, George Mason University, Fairfax, VA 22030;International Cyber Center and Department of Computer Science, George Mason University, Fairfax, VA 22030;International Cyber Center and Department of Computer Science, George Mason University, Fairfax, VA 22030

  • Venue:
  • DSNW '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops
  • Year:
  • 2011

Abstract

Current cyber defenses are reactive and cannot protect against customized malware and other zero-day attacks which persist for many weeks. Using Receiver Operating Characteristic curve analysis and damage cost models, we trade off the true positive rate and false positive rate to compare alternative architectures. This analysis provides optimal value(s) of Probability of Detection by evaluating the potential damage from a missed intrusion and the costs of processing false positives. In this paper, we propose an approach which involves determining the influencing factors of each strategy and studying the impact of their variations within the context of an integrated intrusion defense strategy. Our goal is to manage the intrusion risks by proactively scheduling recovery for dependable networks.