2015 | OriginalPaper | Book chapter

On the Fly Design and Co-simulation of Responses Against Simultaneous Attacks

Authors: Léa Samarji, Nora Cuppens-Boulahia, Frédéric Cuppens, Serge Papillon, Waël Kanoun, Samuel Dubus

Published in: Computer Security -- ESORICS 2015

Publisher: Springer International Publishing

Abstract

The growth of critical information systems in size and complexity has driven the research community to propose automated response systems. These systems must cope with the steady growth in the sophistication, coordination and effectiveness of attacks. Unfortunately, existing response systems still handle attacks independently, and therefore suffer from (i) efficiency issues against coordinated attacks (e.g. DDoS), (ii) conflicts between parallel responses, and (iii) unexpected side effects of responses on the system. In this paper we therefore propose a new response model against simultaneous threats. Our response is dynamically designed based on a new definition of capability-aware logic anticorrelation, and modeled using the Situation Calculus (SC) language. Even though a response can prevent or reduce an attack scenario, it may also have side effects on the system and unintentionally make it easier for one of the attackers to progress in its scenario. We address this issue by proposing a response co-simulator based on SC planning capabilities. This co-simulator considers each response candidate separately and reasons, from the current state of the system and of the attackers, to assess the risk mitigation achieved on the protected system. Experiments were conducted to highlight the benefits of our solution.

Metadata
Title
On the Fly Design and Co-simulation of Responses Against Simultaneous Attacks
Authors
Léa Samarji
Nora Cuppens-Boulahia
Frédéric Cuppens
Serge Papillon
Waël Kanoun
Samuel Dubus
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-24177-7_32