Title :
Combining intrusion detection and recovery for enhancing system dependability
Author :
Nagarajan, Ajay ; Nguyen, Quyen ; Banks, Robert ; Sood, Arun
Author_Institution :
Dept. of Comput. Sci., George Mason Univ., Fairfax, VA, USA
Abstract :
Current cyber defenses are reactive and cannot protect against customized malware and other zero-day attacks which persist for many weeks. Using Receiver Operating Characteristic curve analysis and damage cost models, we trade off the true positive rate and false positive rate to compare alternative architectures. This analysis provides optimal value(s) of Probability of Detection by evaluating the potential damage from a missed intrusion and costs of processing false positives. In this paper, we propose an approach which involves determining the influencing factors of each strategy and studying the impact of their variations within the context of an integrated intrusion defense strategy. Our goal is to manage the intrusion risks by proactively scheduling recovery for dependable networks.
Keywords :
computer network security; invasive software; probability; risk management; sensitivity analysis; system recovery; customized malware; damage cost model; dependable network system; false positive rate; integrated intrusion defense strategy; intrusion detection probability; intrusion risk management; missed intrusion; receiver operating characteristic curve analysis; recovery scheduling; true positive rate; zero day attacks; Computer aided software engineering; Intrusion detection; Malware; Measurement; Receivers; Servers; Intrusion Tolerance System; Receiver Operating Characteristic;
Conference_Title :
Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4577-0374-4
Electronic_ISBN :
978-1-4577-0373-7
DOI :
10.1109/DSNW.2011.5958859