TY - GEN
T1 - An optimal metric-aware response selection strategy for intrusion response systems
AU - Herold, Nadine
AU - Wachs, Matthias
AU - Posselt, Stephan A.
AU - Carle, Georg
N1 - Publisher Copyright:
© Springer International Publishing AG 2017.
PY - 2017
Y1 - 2017
N2 - Due to the ever increasing number and variety of security incidents, incident management is an important and challenging aspect of operating indispensable services. Self-protection capabilities ensure service continuity by detecting and counteracting security incidents. Within this process, determining the set of countermeasures to be applied is essential. But detecting and analyzing security incidents in a complex network environment—especially under the pressure of an ongoing incident—is a challenge usually too complex for human comprehension and capabilities. As a consequence, often catastrophic and exaggerated actions are chosen when manually antagonizing security incidents. In this paper, we propose a novel approach towards automatic response selection to counteract security incidents in complex network environments and, by relieving network operators, increase network security. Our approach is based on defining response selection as a mathematical optimization problem and providing a proven optimal combination of countermeasures. Our approach pays respect to user-defined cost metrics for countermeasures and supports restrictions like conflicting countermeasures and resource restrictions in the network. To ensure the usability and scalability of our approach, we evaluate the performance and show the applicability in different network settings.
AB - Due to the ever increasing number and variety of security incidents, incident management is an important and challenging aspect of operating indispensable services. Self-protection capabilities ensure service continuity by detecting and counteracting security incidents. Within this process, determining the set of countermeasures to be applied is essential. But detecting and analyzing security incidents in a complex network environment—especially under the pressure of an ongoing incident—is a challenge usually too complex for human comprehension and capabilities. As a consequence, often catastrophic and exaggerated actions are chosen when manually antagonizing security incidents. In this paper, we propose a novel approach towards automatic response selection to counteract security incidents in complex network environments and, by relieving network operators, increase network security. Our approach is based on defining response selection as a mathematical optimization problem and providing a proven optimal combination of countermeasures. Our approach pays respect to user-defined cost metrics for countermeasures and supports restrictions like conflicting countermeasures and resource restrictions in the network. To ensure the usability and scalability of our approach, we evaluate the performance and show the applicability in different network settings.
KW - Intrusion response
KW - Optimization
KW - Self-protection
UR - http://www.scopus.com/inward/record.url?scp=85009475986&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-51966-1_5
DO - 10.1007/978-3-319-51966-1_5
M3 - Conference contribution
AN - SCOPUS:85009475986
SN - 9783319519654
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 68
EP - 84
BT - Foundations and Practice of Security - 9th International Symposium, FPS 2016, Revised Selected Papers
A2 - Garcia-Alfaro, Joaquin
A2 - Cuppens, Frederic
A2 - Cuppens-Boulahia, Nora
A2 - Wang, Lingyu
A2 - Tawbi, Nadia
PB - Springer Verlag
T2 - 9th International Symposium on Foundations and Practice of Security, FPS 2016
Y2 - 24 October 2016 through 26 October 2016
ER -