An Intrusion Response Method Based on Attack Graph: An Intrusion Response Method Based on Attack Graph

System incentive and alternation of attacker’s strategies are not taken into full consideration in current intrusion response research. An intrusion response model (intrusion response based on attack graph, IRAG) based on the attack graph is proposed to solve this problem. IRAG model deals well with the attack’s intent and alternation of strategies, and takes account of incentives of system and attacker across-the-board. The experimental results show that the IRAG model can effectively improve the accuracy and effectiveness of alert response.

[1]  Udo W. Pooch,et al.  A Methodology for Using Intelligent Agents to provide Automated Intrusion Response , 2000 .

[2]  S. Mnsman,et al.  System or security managers adaptive response tool , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[3]  Udo W. Pooch,et al.  Adaptation techniques for intrusion detection and intrusion response systems , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[4]  Ariel Rubinstein,et al.  A Course in Game Theory , 1995 .

[5]  Eugene H. Spafford,et al.  ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[6]  H. W. Kuhn,et al.  11. Extensive Games and the Problem of Information , 1953 .

[7]  Jeannette M. Wing,et al.  Tools for Generating and Analyzing Attack Graphs , 2003, FMCO.

[8]  Dan Schnackenberg,et al.  Infrastructure for intrusion detection and response , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[9]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[10]  Peng Ning,et al.  Learning attack strategies from intrusion alerts , 2003, CCS '03.

[11]  Alfonso Valdes,et al.  A Mission-Impact-Based Approach to INFOSEC Alarm Correlation , 2002, RAID.

[12]  Salvatore J. Stolfo,et al.  Toward Cost-Sensitive Modeling for Intrusion Detection and Response , 2002, J. Comput. Secur..

[13]  Hervé Debar,et al.  Aggregation and Correlation of Intrusion-Detection Alerts , 2001, Recent Advances in Intrusion Detection.

[14]  Ali A. Ghorbani,et al.  Research on Intrusion Detection and Response: A Survey , 2005, Int. J. Netw. Secur..

[15]  Frédéric Cuppens,et al.  Alert correlation in a cooperative intrusion detection framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.