Towards incorporating human intelligence into online security solutions

The design of automated online security and intrusion tolerance solutions for computer systems and networks is a theoretically achievable objective. However, after two decades of research, this objective has still not passed the practicality test and become widely adopted. We believe that the main reason for this gap lies in a misleading definition of autonomous security, one that precludes human intervention in pursuit of an unrealistic level of full automation. In this position paper, we discuss a novel research direction that addresses this challenge through a coherent integration of human intelligence. In particular, we identify the key questions that must be answered in order to leverage human intelligence seamlessly and without requiring explicit, heavy human involvement. We illustrate our discussion through the preliminary design of a semi-automated intrusion detection and response system that incorporates reasonable human input to achieve higher levels of intrusion tolerance efficiency.
