DocumentCode
3565285
Title
Success Likelihood of Ongoing Attacks for Intrusion Detection and Response Systems
Author
Kanoun, Wael ; Cuppens-Boulahia, Nora ; Cuppens, Frédéric ; Dubus, Samuel ; Martin, Antony
Author_Institution
Bell Labs, Alcatel-Lucent, Nozay, France
Volume
3
fYear
2009
Firstpage
83
Lastpage
91
Abstract
Intrusion Detection and Response Systems have become a core component in modern security architectures. Current research is combining intrusion detection and response systems with risk analysis or cost-sensitive approaches to enhance the detection and the response procedure, by assessing the risk of detected attacks and candidate countermeasures. The Risk has two primary dimensions: (i) the likelihood of success of the attack(s), and (ii) the impact of the attack(s) and the countermeasure(s). In this paper, we present a model to assess the success likelihood of attack objectives. This model can be used by intrusion detection and response systems to identify candidate ongoing scenarios, calculate dynamically the likelihood of success for each of them considering the progress of the attack and the state of the target system, and finally prioritize candidate intrusion objectives and associated countermeasures.
Keywords
risk analysis; security of data; cost-sensitive approach; intrusion detection-response system; ongoing attack success likelihood; risk analysis; security architecture; Costs; Counting circuits; Cryptography; Information security; Intelligent networks; Intelligent systems; Intrusion detection; Risk analysis; Telecommunication computing; Telecommunication traffic; Success likelihood; dynamic Markov model; intrusion detection and response systems; intrusion objective;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Science and Engineering, 2009. CSE '09. International Conference on
Print_ISBN
978-1-4244-5334-4
Electronic_ISBN
978-0-7695-3823-5
Type
conf
DOI
10.1109/CSE.2009.233
Filename
5283306