Awareness and reaction strategies for critical infrastructure protection

We study IDPRS solutions for CIP, considering their components and constraints.
We design a methodological framework for IDPRS solutions within critical scenarios.
ICS need automated intelligent solutions for early detection and protection.
Current IDPRS solutions for CIP lack automatic active reaction mechanisms.
We give recommendations for adaptation or development of IDPRS solutions for CIP.

Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and to avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanism, their constituent elements and their applicability to critical contexts. We design a methodological framework that determines the essential elements present in an IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.
