Intelligent response system to mitigate the success likelihood of ongoing attacks

Author

Kanoun, Wael ; Cuppens-Boulahia, Nora ; Cuppens, Frederic ; Dubus, Samuel ; Martin, Antony

Author_Institution

Bell Labs., Alcatel-Lucent, Holmdel, NJ, USA

fYear

2010

fDate

23-25 Aug. 2010

Firstpage

99

Lastpage

105

Abstract

Intrusion response models and systems have been recently an active field in the security research. These systems rely on a fine diagnosis to perform and optimize their response. In particular, previous papers focus on balancing the cost of the response with the impact of the attack. In this paper, we present a novel attack response system, based on the assessment of the likelihood of success of attack objectives. First, the ongoing potential attacks are identified, and their success likelihood are calculated dynamically. The success likelihood depends mainly on the progress of the attack and the state of the monitored system. Second, candidate countermeasures are identified, and their effectiveness in reducing the pre-calculated success likelihood are assessed. Finally, the candidate countermeasures are prioritized.

Keywords

maximum likelihood estimation; security of data; attack response system; intelligent response system; intrusion response model; likelihood assessment; ongoing potential attack; security diagnosis; Correlation; Cryptography; Object recognition; attack objectives; dynamic Markov models; response; success likelihood mitigation;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance and Security (IAS), 2010 Sixth International Conference on

Conference_Location

Atlanta, GA

Print_ISBN

978-1-4244-7407-3

Type

conf

DOI

10.1109/ISIAS.2010.5604054

Filename

5604054