Ex-SDF: An Extended Service Dependency Framework for Intrusion Impact Assessment
نویسندگان
چکیده
Information systems are increasingly dependent on highly distributed architectures that include multiple dependencies. Even basic attacks like script-kiddies have drastic effects on target systems as they easily spread through existing dependencies. Unless intrusion effects are accurately assessed, response systems will still be blinded when selecting optimal responses. In fact, using only response costs as a basis to select responses is still meaningless if not compared to intrusion costs. While conventional responses provoke mostly availability impacts, intrusions affect confidentiality, integrity and availability. This paper develops an approach to assess intrusion impacts on IT systems. It uses service dependencies as frames for propagating impacts. It goes beyond existing methods which mostly use dependability analysis techniques. It explores service privileges as being the main targets for attackers, and the tunable parameters for intrusion response. The approach presented in this paper is implemented as a simulation-based framework and demonstrated for the example of a vehicle reservation service.
منابع مشابه
A Service Dependency Modeling Framework for Policy-Based Response Enforcement
The use of dynamic access control policies for threat response adapts local response decisions to high level system constraints. However, security policies are often carefully tightened during system design-time, and the large number of service dependencies in a system architecture makes their dynamic adaptation difficult. The enforcement of a single response rule requires performing multiple c...
متن کاملInformation Warfare: Fighting Back Efficiently Through the Matrix
Intrusion detection systems can detect a malicious transaction in a database. However, sometimes this process takes time and the detection occurs after the transaction commits. Databases cannot take any action in this case and the damage will spread to a certain part of the database. There are some methods to recover the damaged part of the database. Nevertheless, any recovery algorithm should ...
متن کاملA Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of weak classifiers to implement misuse intrusion detection system. It can identify new classes types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
متن کاملRisk assessment framework for power control systems with PMU-based intrusion response system
Cyber threats are serious concerns for power systems. For example, hackers may attack power control systems via interconnected enterprise networks. This paper proposes a risk assessment framework to enhance the resilience of power systems against cyber attacks. The duality element relative fuzzy evaluation method is employed to evaluate identified security vulnerabilities within cyber systems o...
متن کاملAn Extended Framework for ERP Post-Implementation Success Assessment
Implementing enterprise resource planning systems is a sophisticated, lengthy and costly process which tends to face serious failure. Thus, it is essential to perform the success assessment at the post-implementation stage of an ERP project to evaluate how much the system has succeeded in achieving its predetermined objectives. This paper proposes a practical and extended framework for assessin...
متن کامل