Abstract
Recent advances in intrusion detection and prevention have brought promising solutions to enhance IT security. Despite these efforts, the battle with cyber attackers has reached a deadlock. While attackers always try to unveil new vulnerabilities, security experts are bound to keep their software compliant with the latest updates. Intrusion response systems are thus relegated to a second rank because no one trusts them to modify system configuration during runtime.
Current response cost evaluation techniques do not cover all impact aspects, favoring availability over confidentiality and integrity. They do not profit from the findings in intrusion prevention, which led to powerful models including vulnerability graphs, exploit graphs, etc. This paper bridges the gap between these models and service dependency models that are used for response evaluation. It proposes a new service dependency representation that enables intrusion and response impact evaluation. The outcome is a service dependency model and a complete methodology to use this model in order to evaluate intrusion and response costs. The latter covers response collateral damages and positive response effects as they reduce intrusion costs.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kheir, N., Cuppens-Boulahia, N., Cuppens, F., Debar, H. (2010). A Service Dependency Model for Cost-Sensitive Intrusion Response. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds) Computer Security – ESORICS 2010. ESORICS 2010. Lecture Notes in Computer Science, vol 6345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15497-3_38
DOI: https://doi.org/10.1007/978-3-642-15497-3_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15496-6
Online ISBN: 978-3-642-15497-3
eBook Packages: Computer Science, Computer Science (R0)