Limiting Uncertainty in Intrusion Response

Presentation transcript:

Limiting Uncertainty in Intrusion Response
Curtis A. Carver Jr., John M.D. Hill, Udo W. Pooch

Agenda
- Motivation
- Adaptive, Agent-based Intrusion Response System (AAIRS)
- Uncertainty in Detection
- Uncertainty in Classifying Attacks
- Uncertainty in Response
- Conclusions
6/5/2001 SMC-IAW

Motivation (CERT Incidents)
The number of computer attacks is increasing and the attacks are becoming increasingly complex.

Motivation (Intrusion Response Systems)
Intrusion response systems must address uncertainty. Response systems should provide automated mechanisms for adapting to uncertainty in intrusion response. Of the systems surveyed, none provided mechanisms for answering the following questions:

IR Classification     #
Notification         31
Manual Response       8
Automatic Response   17
Total                56

Uncertainty in Intrusion Response
- Is the system really under attack?
- If the system is under attack, is this a new attack or part of an ongoing attack?
- Did my response plan work and, if it did not, how can I adapt it?

AAIRS Methodology
[Architecture diagram; components shown: Monitored System, Intrusion Detection System, Interface, Master Analysis, Response Taxonomy, Policy Specification, Response Toolkit, System Admin Tool]

Uncertainty (Detection)
Intrusion detection is imperfect. AAIRS addresses uncertainty in detection by maintaining a false alarm rate for each supported intrusion detection system. The false alarm rate is maintained by the system administrator, but it could also be updated automatically through calibration.
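The per-IDS false alarm rate described above, as an added worked example that is not code from the slides or from AAIRS. It assumes an administrator-configured rate that is replaced by a measured one once enough alerts have been reviewed (the calibration the slide mentions), and it assumes the detectors' false alarms are independent when several of them alert on the same event; the detector names, the review counts and the response threshold are constructed sample values.

```python
from dataclasses import dataclass
from typing import Iterable


@dataclass
class DetectorStats:
    """Per-IDS false alarm record. The administrator seeds `configured_far`;
    reviewed alerts then calibrate the rate automatically."""
    name: str
    configured_far: float      # administrator-maintained prior false alarm rate
    alerts_reviewed: int = 0
    false_alarms: int = 0

    def false_alarm_rate(self, min_reviewed: int = 10) -> float:
        """Measured rate once enough alerts have been reviewed, else the configured one.
        The sample-size cut-off is an assumption of this example."""
        if self.alerts_reviewed < min_reviewed:
            return self.configured_far
        return self.false_alarms / self.alerts_reviewed

    def review(self, was_false_alarm: bool) -> None:
        """Administrator verdict on one alert: this is the calibration step."""
        self.alerts_reviewed += 1
        self.false_alarms += int(was_false_alarm)


def attack_confidence(alerting: Iterable[DetectorStats]) -> float:
    """Confidence that the system is really under attack, given that each listed
    detector raised an alert on the same event. Treats the detectors' false alarms
    as independent (an assumption of this example), so the event is a false alarm
    only if every detector's alert was one."""
    p_all_false = 1.0
    for det in alerting:
        p_all_false *= det.false_alarm_rate()
    return 1.0 - p_all_false


def should_respond(alerting: Iterable[DetectorStats], threshold: float = 0.75) -> bool:
    """Gate automated response on the combined confidence (threshold is an assumption)."""
    return attack_confidence(list(alerting)) >= threshold


def demo() -> float:
    """Constructed sample: one calibrated detector, one still on its configured rate."""
    ids_a = DetectorStats("ids-a", configured_far=0.5)
    for verdict in [True] * 3 + [False] * 7:   # 3 false alarms in 10 reviewed alerts
        ids_a.review(verdict)
    ids_b = DetectorStats("ids-b", configured_far=0.5)  # too few reviews, uses prior
    return attack_confidence([ids_a, ids_b])


if __name__ == "__main__":
    print(demo())
```

With the sample data, ids-a alone (measured false alarm rate 0.3) gives confidence 0.7, below the threshold, while a second detector alerting on the same event lifts it to 0.85; the point is that the response decision uses the calibrated rates rather than treating every alert as a confirmed attack.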

Uncertainty (Classifying Attacks)
Detected attacks can be a new attack or part of an ongoing attack.
[Diagram; elements shown: Event List, History, Time Metric, Session Identifier, Attack Type Metric]
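The new-versus-ongoing classification above, as an added worked example that is not code from the slides or from AAIRS. It combines the three metrics named on the slide (time, session identifier, attack type) into one correlation score against the event history; the weights, the ten-minute window, the decision threshold and the sample events are assumptions of this example, not values from the presentation.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Event:
    """One detected attack as kept in the event history."""
    time: float        # seconds since epoch
    session_id: str    # whatever the IDS attributes the alert to, e.g. source address:port
    attack_type: str


def correlation_score(new: Event, past: Event, window: float = 600.0) -> float:
    """Score in [0, 1] for how strongly `new` belongs to the same attack as `past`.
    Weights (0.5 session, 0.3 time, 0.2 attack type) and the window are assumptions."""
    score = 0.0
    if new.session_id == past.session_id:
        score += 0.5
    gap = new.time - past.time
    if 0.0 <= gap <= window:
        score += 0.3 * (1.0 - gap / window)     # closer in time, stronger link
    if new.attack_type == past.attack_type:
        score += 0.2
    return score


def classify(new: Event, history: List[Event],
             threshold: float = 0.4) -> Tuple[str, Optional[Event]]:
    """Return ('ongoing', matched_event) if the new event correlates with an earlier
    one at or above the threshold, otherwise ('new', None)."""
    best, best_score = None, 0.0
    for past in history:
        s = correlation_score(new, past)
        if s > best_score:
            best, best_score = past, s
    if best is not None and best_score >= threshold:
        return "ongoing", best
    return "new", None


def demo_history() -> List[Event]:
    """Constructed sample history (not from the slides)."""
    return [Event(1000.0, "10.0.0.5:40000", "port-scan"),
            Event(1200.0, "10.0.0.9:51000", "brute-force")]


if __name__ == "__main__":
    hist = demo_history()
    print(classify(Event(1060.0, "10.0.0.5:40000", "exploit"), hist))
    print(classify(Event(9000.0, "10.0.0.7:1", "port-scan"), hist))
```

A follow-up alert from the same session a minute later is classified as part of the ongoing attack even though its attack type differs; the same attack type hours later from an unrelated session is classified as new, which is what keeps the response system from re-running an old plan against an unrelated event.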

Uncertainty in Response
A response plan consists of a response goal, two or more plan steps, and associated tactics and implementations. Each plan step, tactic, and implementation has an associated success factor. The success factor is the ratio of the number of times it has been successfully deployed to the total number of times it has been deployed.

Uncertainty in Response
Plan Generation:
- Apply Policy Constraints
- Set Response Taxonomy Weights
- Determine System Response Goal Weights
- Build Tentative Plan
- Build Final Plan
- Implementation Success or Failure
Plan Adaptation:
- Failed Implementation Substitution
- Tactic Substitution
- Significant Change Adaptation
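The success factor from the previous slide and the plan generation and adaptation flow from this one, as an added worked example that is not code from the slides or from AAIRS. It models policy constraints as the set of tactic names the policy permits, picks the highest-success-factor tactic and implementation for each plan step, and on a reported failure updates the success factors and substitutes first the implementation and then the tactic. The 0.5 prior for never-deployed components, the taxonomy and goal weighting (omitted), the significant-change adaptation (not modelled) and the sample tactics and counts are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class SuccessFactor:
    """successes / deployments, as defined on the slide. The 0.5 value for a component
    that has never been deployed is an assumption of this example."""
    deployed: int = 0
    succeeded: int = 0

    def value(self) -> float:
        return 0.5 if self.deployed == 0 else self.succeeded / self.deployed

    def record(self, ok: bool) -> None:
        self.deployed += 1
        self.succeeded += int(ok)


@dataclass
class Implementation:
    name: str
    sf: SuccessFactor = field(default_factory=SuccessFactor)


@dataclass
class Tactic:
    name: str
    implementations: List[Implementation]
    sf: SuccessFactor = field(default_factory=SuccessFactor)


@dataclass
class PlanStep:
    name: str
    tactics: List[Tactic]


@dataclass
class PlanEntry:
    """One plan step with the tactic and implementation currently chosen for it."""
    step: PlanStep
    tactic: Tactic
    impl: Implementation
    tried_impls: Set[str] = field(default_factory=set)
    tried_tactics: Set[str] = field(default_factory=set)


def best_impl(tactic: Tactic, excluded: Set[str]) -> Optional[Implementation]:
    cands = [i for i in tactic.implementations if i.name not in excluded]
    return max(cands, key=lambda i: i.sf.value()) if cands else None


def best_tactic(step: PlanStep, allowed: Set[str], excluded: Set[str]) -> Optional[Tactic]:
    """Policy constraints are modelled as the set of tactic names the policy permits."""
    cands = [t for t in step.tactics if t.name in allowed and t.name not in excluded]
    return max(cands, key=lambda t: t.sf.value()) if cands else None


def build_plan(steps: List[PlanStep], allowed: Set[str]) -> List[PlanEntry]:
    """Tentative plan: the best permitted tactic per step and its best implementation."""
    plan = []
    for step in steps:
        tactic = best_tactic(step, allowed, set())
        if tactic is None:
            raise ValueError(f"policy permits no tactic for step {step.name!r}")
        plan.append(PlanEntry(step, tactic, best_impl(tactic, set())))
    return plan


def report_outcome(entry: PlanEntry, ok: bool, allowed: Set[str]) -> str:
    """Feed an implementation's success or failure back into the success factors and,
    on failure, adapt: substitute the implementation first, then the tactic."""
    entry.impl.sf.record(ok)
    entry.tactic.sf.record(ok)
    if ok:
        return "success"
    entry.tried_impls.add(entry.impl.name)
    nxt = best_impl(entry.tactic, entry.tried_impls)
    if nxt is not None:
        entry.impl = nxt
        return "implementation substitution"
    entry.tried_tactics.add(entry.tactic.name)
    tactic = best_tactic(entry.step, allowed, entry.tried_tactics)
    if tactic is None:
        return "exhausted"          # every permitted tactic for this step has failed
    entry.tactic, entry.tried_impls = tactic, set()
    entry.impl = best_impl(tactic, set())
    return "tactic substitution"


def demo_steps() -> List[PlanStep]:
    """Constructed sample data (not from the slides) for one 'contain' plan step."""
    block = Tactic("block_source", [
        Implementation("firewall_rule", SuccessFactor(10, 8)),
        Implementation("null_route", SuccessFactor(5, 3)),
    ], SuccessFactor(10, 7))
    isolate = Tactic("isolate_host", [Implementation("vlan_move")])
    return [PlanStep("contain", [block, isolate])]


def run_demo() -> List[str]:
    """Report three consecutive failures to exercise both substitution paths."""
    allowed = {"block_source", "isolate_host"}
    plan = build_plan(demo_steps(), allowed)
    return [report_outcome(plan[0], False, allowed) for _ in range(3)]


if __name__ == "__main__":
    print(run_demo())
```

Each failure lowers the success factor of the implementation and tactic that were just used, so the next plan built from the same taxonomy is already biased away from them; that feedback loop is what the slide means by managing uncertainty in response rather than replaying a fixed playbook.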

Conclusions
- Uncertainty in intrusion response systems must be managed.
- The techniques presented in this paper provide a starting point for addressing this uncertainty.