论文信息 - Graph based Metrics for Intrusion Response Measures in Computer Networks

Graph based Metrics for Intrusion Response Measures in Computer Networks

This contribution presents a graph based approach for modelling the effects of both attacks against computer networks and response measures as reactions against the attacks. Certain properties of the model graphs are utilized to quantify different response metrics which are well-kown from the pragmatic view of network security officers. Using these metrics, it is possible to (1) quantify practically relevant properties of a response measure after its application, and (2) estimate these properties for all available response measures prior to their application. The latter case is the basis for the selection of an appropriate reaction to a given attack. Our graph-based model is similar to those used in software reliability analysis and was designed for a scalable granularity in representing properties of the network and its components to be protected. Different examples show the applicability of the model and the resulting metric values.

[1] Hany H. Ammar,et al. A Methodology for Architecture-Level Reliability Risk Analysis , 2002, IEEE Trans. Software Eng..

[2] Johnny S. Wong,et al. A taxonomy of intrusion response systems , 2007, Int. J. Inf. Comput. Secur..

[3] Christopher Krügel,et al. Evaluating the impact of automated intrusion response mechanisms , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[4] H. V. Jagadish,et al. Information warfare and security , 1998, SGMD.

[5] Deborah A. Frincke,et al. Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net , 2007, Comput. Networks.

[6] Eugene H. Spafford,et al. Automated adaptive intrusion containment in systems of interacting services , 2007, Comput. Networks.

[7] Salvatore J. Stolfo,et al. Toward Cost-Sensitive Modeling for Intrusion Detection and Response , 2002, J. Comput. Secur..

[8] Robert P. Goldman,et al. Plan recognition in intrusion detection systems , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[9] Isij Monitor,et al. Network Intrusion Detection: An Analyst’s Handbook , 2000 .

[10] Karl N. Levitt,et al. Using Specification-Based Intrusion Detection for Automated Response , 2003, RAID.

[11] Hany H. Ammar,et al. A scenario-based reliability analysis approach for component-based software , 2004, IEEE Transactions on Reliability.