Analytical models for risk-based intrusion response

نویسندگان

  • Bugra Caskurlu
  • Ashish Gehani
  • Cemal Çagatay Bilgin
  • K. Subramani
چکیده

Risk analysis has been used to manage the security of systems for several decades. However, its use has been limited to offline risk computation and manual response. In contrast, we use risk computation to drive changes in an operating system’s security configuration. This allows risk management to occur in real time and reduces the window of exposure to attack. We posit that it is possible to protect a system by reducing its functionality temporarily when it is under siege. Our goal is to minimize the tension between security and usability by trading them dynamically. Instead of statically configuring a system, we aim to monitor the risk level, using it to drive the tradeoff between security and utility. The advantage of this approach is that it provides users with the maximum possible functionality for any predefined level of risk tolerance. Risk management can be framed as an exercise in managing the constraints on edge and vertex weights of a tripartite graph, with the partitions corresponding to the threats, vulnerabilities, and assets in the system. If a threat requires a specific permission and affects a particular asset, an edge is added between the threat and the permission that mediates access to the vulnerable resource. Another edge is added between the permission and the asset. The presence of a path from a threat, through a permission check, to an asset contributes an element of risk. Risk can be reduced by denying access to a resource that contains a vulnerability or activating data protection measures. We first show that algorithmic underpinnings of optimal risk management can be formulated as the Partial Vertex Cover (PVC) problem in bipartite graphs. We then experimentally compare several heuristics and a (1 + √ 2 2 + )-approximation algorithm we designed for the problem. ∗A preliminary version of this work have appeared in LNCS 7000 with the title ”Algorithmic Aspects of Risk Management”. This version is not only an extended form of the preliminary version, but also both the introduction of the design patterns and their experimental comparisons are completely new. †This research has been supported in part by the National Science Foundation through Award CNS-0849735. ‡This research was supported in part by the Air Force Office of Scientific Research through Award FA9550-12-1-0199. §This research was supported in part by the National Science Foundation through Awards CCF-0827397 and CNS-0849735, and Air Force Office of Scientific Research through Award FA9550-12-1-0199.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

ارائه مدلی جهت استفاده ازعاملهای متحرک در سیستم های تشخیص نفوذ توزیع شده مبتنی بر تئوری بازی

The proposed framework applies two game theoretic models for economic deployment of intrusion detection system (IDS). The first scheme models and analyzes the interaction behaviors of between an attacker and intrusion detection agent within a non-cooperative game, and then the security risk value is derived from the mixed strategy Nash equilibrium. The second scheme uses the security risk value...

متن کامل

A New Intrusion Detection System to deal with Black Hole Attacks in Mobile Ad Hoc Networks

By extending wireless networks and because of their different nature, some attacks appear in these networks which did not exist in wired networks. Security is a serious challenge for actual implementation in wireless networks. Due to lack of the fixed infrastructure and also because of security holes in routing protocols in mobile ad hoc networks, these networks are not protected against attack...

متن کامل

Model-Based Evaluation of Distributed Intrusion Detection Protocols for Mobile Group Communication Systems

Under highly security vulnerable, resource-restricted, and dynamically changing mobile ad hoc environments, it is critical to be able to maximize the system lifetime while bounding the communication response time for mission-oriented mobile groups. In this paper, we analyze the tradeoff of security versus performance for distributed intrusion detection protocols employed in mobile group communi...

متن کامل

The Effectiveness of the Models and Guidelines on Detecting High-Risk Pregnancies: A Systematic Review

Background: The models or guidelines that make it possible for pregnant mothers to diagnose high-risk pregnancy signs and symptoms are not clearly stated. This systematic review was conducted to answer the question: what models/guidelines have contributed to women’s knowledge/performance regarding the detection of high-risk pregnancy?   Method: This systematic review uses the Preferred Reporti...

متن کامل

Integrating intrusion alert information to aid forensic explanation: An analytical intrusion detection framework for distributive IDS

The objective of this research is to show an analytical intrusion detection framework (AIDF) comprised of (i) a probability model discovery approach, and (ii) a probabilistic inference mechanism for generating the most probable forensic explanation based on not only just the observed intrusion detection alerts, but also the unreported signature rules that are revealed in the probability model. ...

متن کامل

Risk assessment framework for power control systems with PMU-based intrusion response system

Cyber threats are serious concerns for power systems. For example, hackers may attack power control systems via interconnected enterprise networks. This paper proposes a risk assessment framework to enhance the resilience of power systems against cyber attacks. The duality element relative fuzzy evaluation method is employed to evaluate identified security vulnerabilities within cyber systems o...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Computer Networks

دوره 57  شماره 

صفحات  -

تاریخ انتشار 2013