A decisional framework system for computer network intrusion detection

Abstract: This paper presents a multi-attribute decisional framework for computer network intrusion detection. First, a cost model that allows the damage resulting from a security incident to be estimated accurately is described. Then, a multi-attribute optimization algorithm is applied to select the optimal decision among the alternatives available to remedy such incidents. The major interest is that the proposed approach can be applied in collaborative reactive intrusion detection, where human experts are assisted by automated tools to find the best response. The approach would also make it possible to assess the performance of the whole system as a function of the performance of each of its constituents, leading to a definition of optimality conditions on the introduced framework.
