Published in: International Journal of Information Security 4/2014

01-08-2014 | Regular Contribution

ARITO: Cyber-attack response system using accurate risk impact tolerance

Authors: Alireza Shameli-Sendi, Michel Dagenais


Abstract

We propose a novel approach for automated intrusion response systems that assesses the value of the loss a compromised resource could suffer. A risk assessment component measures the risk impact and is tightly integrated with the response system component. When the total risk impact exceeds a threshold, the response selection mechanism applies one or more responses. A multi-level response selection mechanism gauges the intrusion damage (attack progress) relative to the impact of the response. The model includes a feedback mechanism that measures the goodness of a response and indicates the new risk level after the response(s) have been applied. Our model not only constitutes a novel online mechanism for activating and deactivating responses based on the online risk impact; it also treats the factors involved in assessing risk and calculating response effectiveness in greater detail. We designed a multi-step attack that penetrates Web servers and acquires root privilege. Our simulation results illustrate the efficiency of the proposed model and confirm the feasibility of the approach in real time. At the end of the paper, we discuss the ways in which an attacker might succeed in completely bypassing our response system.
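The abstract describes a control loop: a risk assessment component produces a risk impact, a response is activated when that impact crosses a threshold, the response chosen is matched to the attack progress and weighed against its own impact on the service, and a feedback value (response goodness) and the new risk level drive later deactivation. The following Python is an added illustration of that loop shape, written for this page; it is not the ARITO model or the authors' code. The thresholds, the three-level response catalogue, the progress-to-level mapping, the hysteresis band, the "risk removed per unit of response impact" goodness metric and the attack trace are all invented assumptions chosen only to make the loop observable.

```python
"""Toy risk-driven intrusion response loop (added example, not the paper's model).

Every number and rule below is an assumption made for illustration: the
ARITO paper defines its own risk assessment, response selection and
feedback formulas, which are not reproduced on this page.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Response:
    name: str
    level: int        # assumed severity ordering: 1 = mild ... 3 = severe
    impact: float     # assumed cost to the protected service, in [0, 1]
    reduction: float  # assumed fraction of current risk removed when applied


# Assumed response catalogue, ordered from least to most disruptive.
CATALOGUE: List[Response] = [
    Response("rate_limit_source", 1, 0.10, 0.30),
    Response("block_source_ip", 2, 0.25, 0.50),
    Response("isolate_web_server", 3, 0.70, 0.90),
]


@dataclass
class ResponseEngine:
    activate_at: float = 0.60    # assumed upper threshold: apply a response above it
    deactivate_at: float = 0.30  # assumed lower threshold: roll back below it
    active: List[str] = field(default_factory=list)
    goodness: Dict[str, float] = field(default_factory=dict)

    def select(self, risk: float, progress: float) -> Optional[Response]:
        """Mildest inactive response strong enough for the attack progress
        whose service impact does not exceed the risk it is meant to remove."""
        # Assumed mapping of attack progress in [0, 1] to a required level 1..3.
        needed = 1 if progress < 0.34 else 2 if progress < 0.67 else 3
        for r in CATALOGUE:
            if r.name in self.active:
                continue
            if r.level >= needed and r.impact <= risk:
                return r
        return None

    def step(self, risk: float, progress: float) -> float:
        """One loop iteration over the current risk estimate; returns the new risk."""
        if risk > self.activate_at:
            r = self.select(risk, progress)
            if r is not None:
                before = risk
                risk = risk * (1.0 - r.reduction)
                self.active.append(r.name)
                # Assumed goodness metric: risk removed per unit of response impact.
                self.goodness[r.name] = (before - risk) / r.impact
        elif risk < self.deactivate_at and self.active:
            # Risk has receded: deactivate the most disruptive response first.
            # The gap between the two thresholds (hysteresis) avoids flapping.
            self.active.sort(key=lambda n: next(x.level for x in CATALOGUE if x.name == n))
            self.active.pop()
        return round(risk, 4)


# Constructed attack trace: (risk increment reported by assessment, attack progress).
ATTACK_TRACE: List[Tuple[float, float]] = [
    (0.30, 0.20),  # scanning: below the activation threshold
    (0.40, 0.50),  # web server foothold: crosses threshold, level-2 response
    (0.20, 0.80),  # privilege escalation attempt, risk inside the hysteresis band
    (0.25, 0.90),  # root obtained: crosses threshold again, level-3 response
    (0.00, 0.90),  # risk low: most disruptive response rolled back
    (0.00, 0.90),  # risk still low: remaining response rolled back
]


def run(engine: ResponseEngine, trace: List[Tuple[float, float]]) -> List[Tuple[float, Tuple[str, ...]]]:
    """Feed a trace through the engine; returns (risk, active responses) per step."""
    risk = 0.0
    history = []
    for delta, progress in trace:
        risk = min(1.0, risk + delta)
        risk = engine.step(risk, progress)
        history.append((risk, tuple(engine.active)))
    return history


if __name__ == "__main__":
    eng = ResponseEngine()
    for i, (risk, active) in enumerate(run(eng, ATTACK_TRACE), 1):
        print(f"step {i}: risk={risk:.2f} active={list(active)}")
    print("goodness:", {k: round(v, 3) for k, v in eng.goodness.items()})
```

Two choices matter for a real deployment and are only sketched here: a response whose service impact exceeds the risk it would remove is never chosen (the `r.impact <= risk` check), and deactivation uses a lower threshold than activation so that a response is not toggled on and off by a risk estimate hovering around a single value.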


Metadata
Title
ARITO: Cyber-attack response system using accurate risk impact tolerance
Authors
Alireza Shameli-Sendi
Michel Dagenais
Publication date
01-08-2014
Publisher
Springer Berlin Heidelberg
Published in
International Journal of Information Security / Issue 4/2014
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI
https://doi.org/10.1007/s10207-013-0222-9