Intrusion response systems: Foundations, design, and challenges

Over the last few decades a wide range of network attacks has emerged, and their consequences are extensive enough to demand serious attention. Countering them requires both an intrusion detection system (IDS) and a real-time intrusion response system (IRS). In this paper, we present an IRS taxonomy based on design parameters and use it to classify existing schemes. We further investigate the response design parameters an IRS needs in order to mitigate attacks in real time and produce robust output. The majority of existing schemes disregard semantic coherence and dynamic response parameters in the response selection process, and as a result they produce inaccurate outcomes and generate false alarms. These design parameters are discussed comprehensively, existing IRS schemes are qualitatively analyzed against them, and open research challenges are identified to highlight the key research areas in this domain.
