Graph based Metrics for Intrusion Response Measures in Computer Networks

Kuhn, Gerhard; Eisl, Jochen; Becker, H.

doi:10.1109/lcn.2007.45

Cited by 50 publications

(78 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The LAMBDA [11] language is used to model attack graphs when an attack is detected. Jahnke et al [12] present a graph-based approach for modeling the effects of attacks against services, and the effects of the response measures taken in reaction to those attacks. The proposed model considers different kinds of dependencies between services, and derives quantitative differences between system states from these graphs.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Defense-Centric Model for Multi-step Attack Damage Cost Evaluation

Shameli‐Sendi

Louafi

et al. 2015

2015 3rd International Conference on Future Internet of Things and Cloud

View full text Add to dashboard Cite

Abstract-Measuring the attack damage cost and monitoring the sequence of privilege escalations play a critical role in choosing the right countermeasure by Intrusion Response System (IRS). The existing attack damage cost evaluation approaches inherit some limitations, such as neglecting the dependencies between system assets, ignoring the backward damage of exploited non-goal services, or omitting the potential damage toward the goal service. In this paper, we propose a defense-centric model to calculate the damage cost of a multistep attack. The main advantage of this model is providing an accurate damage cost by considering not only the damaged services (non-goal services) but also the potential damage toward the attacker target (goal service). To track the attacker's progress and find the attack path, an Attack-Defense Tree (ADT) is used. The model has been implemented in, but is not limited to, the cloud environment and tested with a multistep attack scenario.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Kheir et al [13] propose a service dependency graph to evaluate the confidentiality and integrity impacts, as well as the availability impact. The confidentiality and integrity criteria are not considered in [12].…”

Section: Related Workmentioning

confidence: 99%

A Defense-Centric Model for Multi-step Attack Damage Cost Evaluation

Shameli‐Sendi

Louafi

et al. 2015

2015 3rd International Conference on Future Internet of Things and Cloud

View full text Add to dashboard Cite

show abstract

“…It allows a cost-sensitive selection of intrusion responses. Another cost-sensitive analysis of intrusion responses is presented in [17]. It uses dependency graphs instead of dependency trees.…”

Section: Service Dependency Models and Applicationsmentioning

confidence: 99%

“…The existing dependency models such as graph [15,17,16] or class-based [13] models classify service dependencies using static attributes. These are often informally defined, and adapted to only specific system implementations.…”

Section: Service Dependency Models and Applicationsmentioning

confidence: 99%

See 1 more Smart Citation

A Service Dependency Modeling Framework for Policy-Based Response Enforcement

Kheir

Debar

Cuppens³

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The use of dynamic access control policies for threat response adapts local response decisions to high level system constraints. However, security policies are often carefully tightened during system design-time, and the large number of service dependencies in a system architecture makes their dynamic adaptation difficult. The enforcement of a single response rule requires performing multiple configuration changes on multiple services. This paper formally describes a Service Dependency Framework (SDF) in order to assist the response process in selecting the policy enforcement points (PEPs) capable of applying a dynamic response rule. It automatically derives elementary access rules from the generic access control, either allowed or denied by the dynamic response policy, so they can be locally managed by local PEPs. SDF introduces a requires/provides model of service dependencies. It models the service architecture in a modular way, and thus provides both extensibility and reusability of model components. SDF is defined using the Architecture Analysis and Design Language, which provides formal concepts for modeling system architectures. This paper presents a systematic treatment of the dependency model which aims to apply policy rules while minimizing configuration changes and reducing resource consumption.

show abstract