TY - GEN
T1 - A service dependency model for cost-sensitive intrusion response
AU - Kheir, Nizar
AU - Cuppens-Boulahia, Nora
AU - Cuppens, Frédéric
AU - Debar, Hervé
PY - 2010/1/1
Y1 - 2010/1/1
N2 - Recent advances in intrusion detection and prevention have brought promising solutions to enhance IT security. Despite these efforts, the battle with cyber attackers has reached a deadlock. While attackers always try to unveil new vulnerabilities, security experts are bounded to keep their softwares compliant with the latest updates. Intrusion response systems are thus relegated to a second rank because no one trusts them to modify system configuration during runtime. Current response cost evaluation techniques do not cover all impact aspects, favoring availability over confidentiality and integrity. They do not profit from the findings in intrusion prevention which led to powerful models including vulnerability graphs, exploit graphs, etc. This paper bridges the gap between these models and service dependency models that are used for response evaluation. It proposes a new service dependency representation that enables intrusion and response impact evaluation. The outcome is a service dependency model and a complete methodology to use this model in order to evaluate intrusion and response costs. The latter covers response collateral damages and positive response effects as they reduce intrusion costs.
AB - Recent advances in intrusion detection and prevention have brought promising solutions to enhance IT security. Despite these efforts, the battle with cyber attackers has reached a deadlock. While attackers always try to unveil new vulnerabilities, security experts are bounded to keep their softwares compliant with the latest updates. Intrusion response systems are thus relegated to a second rank because no one trusts them to modify system configuration during runtime. Current response cost evaluation techniques do not cover all impact aspects, favoring availability over confidentiality and integrity. They do not profit from the findings in intrusion prevention which led to powerful models including vulnerability graphs, exploit graphs, etc. This paper bridges the gap between these models and service dependency models that are used for response evaluation. It proposes a new service dependency representation that enables intrusion and response impact evaluation. The outcome is a service dependency model and a complete methodology to use this model in order to evaluate intrusion and response costs. The latter covers response collateral damages and positive response effects as they reduce intrusion costs.
U2 - 10.1007/978-3-642-15497-3_38
DO - 10.1007/978-3-642-15497-3_38
M3 - Conference contribution
AN - SCOPUS:78049413993
SN - 3642154964
SN - 9783642154966
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 626
EP - 642
BT - Computer Security, ESORICS 2010 - 15th European Symposium on Research in Computer Security, Proceedings
PB - Springer Verlag
T2 - 15th European Symposium on Research in Computer Security, ESORICS 2010
Y2 - 20 September 2010 through 22 September 2010
ER -