Taxonomy of intrusion risk assessment and response system

Shameli‐Sendi, Alireza; Cheriet, Mohamed; Hamou-Lhadj, Abdelwahab

doi:10.1016/j.cose.2014.04.009

Cited by 63 publications

(27 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As explained, they do not use the same measurement unit [1], [25]. Some models attempt to put these two costs in the same measurement unit by simplifying the problem [4]- [6].…”

Section: Related Workmentioning

confidence: 99%

“…That is, if there is no incompatibility cost, the security cost should depend on the administration cost. Therefore, we need to change the range to exclude the zero value; and 2) since the administration cost is in range [1,3], we modified the incompatibility cost range to bring the two functions within the same range. The incompatibility cost function is evaluated as follows:…”

Section: Definitionmentioning

confidence: 99%

“…As the number of rules increases, the insertion processing time increases. We modeled the incompatibility cost of rule insertion by a modified Smf 1 , sigmoidal membership function, in range [1,3]. The original Smf function was in range [0,1].…”

Section: Definitionmentioning

confidence: 99%

“…The Intrusion Detection System (IDS) detects hostile activities or exploits in a network, while the Intrusion Response System (IRS) protects the network by selecting appropriate countermeasures to effectively handle malicious activities (e.g., disabling a daemon or adapting the firewall configuration) [1]. The IRS model comprises four main components: attack damage cost, countermeasure positive effect, countermeasure negative impact, and countermeasure deployment cost.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Shameli‐Sendi

Louafi

et al. 2018

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

Abstract-Designing an efficient defense framework is challenging with respect to a network's complexity, widespread sophisticated attacks, attackers' ability, and the diversity of security appliances. The Intrusion Response System (IRS) is intended to respond automatically to incidents by attuning the attack damage and countermeasure costs. The existing approaches inherit some limitations, such as using static countermeasure effectiveness, static countermeasure deployment cost, or neglecting the countermeasures' negative impact on service quality (QoS). These limitations may lead the IRS to select inappropriate countermeasures and deployment locations, which in turn may reduce network performance and disconnect legitimate users. In this paper, we propose a dynamic defense framework that selects an optimal countermeasure against different attack damage costs. To measure the attack damage cost, we propose a novel defense-centric model based on a service dependency graph. To select the optimal countermeasure dynamically, we formulate the problem at hand using a multi-objective optimization concept that maximizes the security benefit, minimizes the negative impact on users and services, and minimizes the security deployment cost with respect to the attack damage cost.

show abstract

“…As explained, they do not use the same measurement unit [1], [25]. Some models attempt to put these two costs in the same measurement unit by simplifying the problem [4]- [6].…”

Section: Related Workmentioning

confidence: 99%

Section: Definitionmentioning

confidence: 99%

Section: Definitionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Shameli‐Sendi

Louafi

et al. 2018

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…These phases include preventing, detecting, and responding to intrusions [30]. In the prevention phase, attacks are prevented before they happen.…”

Section: Intrusion Detection Systemmentioning

confidence: 99%

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

et al. 2017

View full text Add to dashboard Cite

Abstract:In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our indepth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies.

show abstract

A new ontology‐based multi agent framework for intrusion detection

Retnaswamy¹,

Ponniah²

2016

Int J Communication

View full text Add to dashboard Cite

Ontologies play an essential role in knowledge sharing and exploration, especially in multiagent systems. Intrusion is an unauthorized activity in a network, which is achieved by either active manner (information gathering) or passive manner (harmful packet forwarding). Most of the existing intrusion detection system (IDS) suffers from the following issues: it is usually adjusted to detect known service level network attacks and leaves from vulnerable to original and novel malicious attacks. Thus, it provides low accuracy and detection rate, which are the important problems of existing IDS. To overwhelm these drawbacks, an ontology-based multiagent IDS framework is developed in this work for intrusion detection. The main intention of this work is to detect the network attacks with the help of multiple detection agents. In this analysis, there are 3 different types of agents, ie, IDS broker, deputy commander, and response agent, which are used to prevent and detect the attacks in a network. The novel concept of this work is based on the concept of signature matching; it identifies and detects the attackers with the help of multiple agents.

show abstract

Taxonomy of intrusion risk assessment and response system

Cited by 63 publications

References 22 publications

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Dynamic Optimal Countermeasure Selection for Intrusion Response System

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

A new ontology‐based multi agent framework for intrusion detection

Contact Info

Product

Resources

About