Automated adaptive intrusion containment in systems of interacting services
Computer Networks: The International Journal of Computer and Telecommunications Networking
Distributed systems with multiple interacting services, especially e-commerce systems, are suitable targets for malicious attacks because of the potential financial impact. Compared to intrusion detection, automated response has received relatively less attention. In this paper, we present the design of automated response mechanisms in an intrusion-tolerant system called ADEPTS. Our focus is on enforcing containment in the system, thus localizing the intrusion and allowing the system to provide service, albeit degraded. ADEPTS uses a graph of intrusion goals, called IGRAPH, as the underlying representation in the system. In response to alerts from an intrusion detection framework, ADEPTS executes algorithms to determine the spread of the intrusion and the appropriate responses to deploy. A feedback mechanism evaluates the success of a deployed response and uses that in guiding future choices. ADEPTS is demonstrated on a distributed e-commerce system and evaluated using a survivability metric.