• DocumentCode
    3565285
  • Title

    Success Likelihood of Ongoing Attacks for Intrusion Detection and Response Systems

  • Author

    Kanoun, Wael ; Cuppens-Boulahia, Nora ; Cuppens, Frédéric ; Dubus, Samuel ; Martin, Antony

  • Author_Institution
    Bell Labs, Alcatel-Lucent, Nozay, France
  • Volume
    3
  • fYear
    2009
  • Firstpage
    83
  • Lastpage
    91
  • Abstract
    Intrusion Detection and Response Systems have become a core component in modern security architectures. Current research is combining intrusion detection and response systems with risk analysis or cost-sensitive approaches to enhance the detection and the response procedure, by assessing the risk of detected attacks and candidate countermeasures. Risk has two primary dimensions: (i) the likelihood of success of the attack(s), and (ii) the impact of the attack(s) and the countermeasure(s). In this paper, we present a model to assess the success likelihood of attack objectives. This model can be used by intrusion detection and response systems to identify candidate ongoing scenarios, dynamically calculate the likelihood of success for each of them considering the progress of the attack and the state of the target system, and finally prioritize candidate intrusion objectives and associated countermeasures.
  • Keywords
    risk analysis; security of data; cost-sensitive approach; intrusion detection-response system; ongoing attack success likelihood; risk analysis; security architecture; Costs; Counting circuits; Cryptography; Information security; Intelligent networks; Intelligent systems; Intrusion detection; Risk analysis; Telecommunication computing; Telecommunication traffic; Success likelihood; dynamic Markov model; intrusion detection and response systems; intrusion objective;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computational Science and Engineering, 2009. CSE '09. International Conference on
  • Print_ISBN
    978-1-4244-5334-4
  • Electronic_ISBN
    978-0-7695-3823-5
  • Type

    conf

  • DOI
    10.1109/CSE.2009.233
  • Filename
    5283306