Simulating adversarial interactions between intruders and system administrators using OODA-RR

Intrusion in information systems is a major problem in security management. Present-day intrusion detection systems detect attacks too late to counter them in real time. Several authors in the digital forensics literature have proposed using Boyd's Observe-Orient-Decide-Act (OODA) model for intrusion protection, but none have taken these proposals further. This paper reports on a hand-simulation of the adversarial interaction between an intruder and a system administrator, intended to demonstrate the feasibility of implementing a rationally reconstructed OODA (OODA-RR) model. An OODA-RR test-bed is currently being implemented.
