An Attack Impact and Host Importance based Approach to Intrusion Response Action Selection
Tazar Hussain, Chris D. Nugent, Jun Liu, Alfie Beard, Liming Chen, A. Moore
Proceedings of the 4th International Conference on Information Technology and Computer Communications, published 2022-06-23
DOI: 10.1145/3548636.3548649
Selecting appropriate actions is crucial for building effective Intrusion Response Systems (IRS) that can counter intrusions according to their priority level. Currently, the priority level of an intrusion is determined manually and statically, which is time-consuming, ineffective and cannot scale with the growing number of attacks. In this paper we present an event prioritization methodology that encodes domain knowledge, namely attack impact and host importance, into features expressed in terms of confidentiality, integrity and availability (CIA). The approach is demonstrated on a testbed architecture in which a total of six features are generated from the domain knowledge and labelled with appropriate response options. One set of features encodes attack impact in terms of the potential damage of the attack and its ability to propagate; the other set encodes host importance in terms of data sensitivity, service criticality, number of connections and vulnerabilities, each assessed against the CIA factors. The case study results indicate that the generated features help security analysts select appropriate response options according to the priority level of events. Additionally, the methodology yields a labelled Intrusion Response (IR) dataset. In future work we aim to apply machine learning to this dataset to infer actions automatically.
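The following is an added example, not code from the paper, showing how the two kinds of domain knowledge the abstract names (attack impact: potential damage and propagation; host importance: data sensitivity, service criticality, number of connections and vulnerabilities) can be encoded as six ordinal features and labelled with a response option, producing rows of the kind an IR dataset would hold. The six feature names come from the abstract; the three-level scale, the bucket cut-offs for connection and vulnerability counts, the multiplicative combination rule, the thresholds and the response option names are all assumptions made for illustration, and the sample events are constructed rather than taken from the paper's testbed.

```python
# Added example (not the paper's code). Encodes attack impact and host
# importance as six ordinal features and labels each event with a response.
# Scale, cut-offs, combination rule, thresholds and response names are assumed.
import csv
import io
from dataclasses import dataclass

LEVELS = {"low": 1, "medium": 2, "high": 3}  # assumed ordinal scale

# Assumed response options, ordered from least to most disruptive.
RESPONSE_OPTIONS = ("monitor", "alert_analyst", "block_source", "isolate_host")


@dataclass(frozen=True)
class AttackImpact:
    potential_damage: str  # CIA loss the attack can cause on the host it hits
    propagation: str       # ability of the attack to spread to further hosts


@dataclass(frozen=True)
class HostImportance:
    data_sensitivity: str     # confidentiality weight of the data held
    service_criticality: str  # availability weight of the service offered
    connections: int          # number of connections to other hosts
    vulnerabilities: int      # count of known vulnerabilities on the host


def level(name: str) -> int:
    """Map a level name to its ordinal value; reject anything off the scale."""
    if name not in LEVELS:
        raise ValueError(f"unknown level {name!r}")
    return LEVELS[name]


def connections_level(n: int) -> int:
    """Bucket a connection count (assumed cut-offs: <10 low, <100 medium)."""
    return 1 if n < 10 else 2 if n < 100 else 3


def vulnerabilities_level(n: int) -> int:
    """Bucket a vulnerability count (assumed cut-offs: 0 low, 1-2 medium)."""
    return 1 if n == 0 else 2 if n <= 2 else 3


def feature_vector(impact: AttackImpact, host: HostImportance) -> dict:
    """The six features: two for attack impact, four for host importance."""
    return {
        "potential_damage": level(impact.potential_damage),
        "propagation": level(impact.propagation),
        "data_sensitivity": level(host.data_sensitivity),
        "service_criticality": level(host.service_criticality),
        "connections": connections_level(host.connections),
        "vulnerabilities": vulnerabilities_level(host.vulnerabilities),
    }


def priority_score(f: dict) -> int:
    """Assumed rule: impact (2..6) times host importance (4..12), so a
    damaging, fast-spreading attack on a critical host scores highest."""
    impact = f["potential_damage"] + f["propagation"]
    host = (f["data_sensitivity"] + f["service_criticality"]
            + f["connections"] + f["vulnerabilities"])
    return impact * host  # range 8..72


def select_response(score: int) -> str:
    """Assumed thresholds over the 8..72 range, one per response option."""
    if score < 16:
        return "monitor"
    if score < 32:
        return "alert_analyst"
    if score < 48:
        return "block_source"
    return "isolate_host"


def label_event(event_id: str, impact: AttackImpact, host: HostImportance) -> dict:
    """One labelled dataset row: event id, six features, priority, response."""
    features = feature_vector(impact, host)
    score = priority_score(features)
    return {"event_id": event_id, **features,
            "priority": score, "response": select_response(score)}


def build_dataset(events) -> str:
    """Render labelled rows as CSV, the shape an IR dataset would take."""
    fields = ["event_id", "potential_damage", "propagation", "data_sensitivity",
              "service_criticality", "connections", "vulnerabilities",
              "priority", "response"]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields)
    writer.writeheader()
    for event_id, impact, host in events:
        writer.writerow(label_event(event_id, impact, host))
    return buf.getvalue()


# Constructed sample events (not from the paper's testbed).
SAMPLE_EVENTS = [
    ("evt-1", AttackImpact("high", "high"), HostImportance("high", "high", 250, 4)),
    ("evt-2", AttackImpact("low", "low"), HostImportance("low", "low", 3, 0)),
    ("evt-3", AttackImpact("medium", "low"), HostImportance("medium", "high", 40, 1)),
    ("evt-4", AttackImpact("medium", "high"), HostImportance("low", "medium", 60, 3)),
]

if __name__ == "__main__":
    print(build_dataset(SAMPLE_EVENTS))
```

The point of keeping the two feature groups separate before combining them is that the same attack lands differently on different hosts: evt-3 and evt-4 carry comparable attack impact, but the host facts (connections, vulnerabilities) move one to an analyst alert and the other to a source block. Whatever rule replaces the assumed product here, the labelled rows it emits are what a later classifier would train on.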