The quantity and sophistication of cyber attacks have increased year by year, thus it is infeasible to manually process Intrusion Detection Systems (IDSs) alerts. Intrusion Response Systems (IRSs) extend IDSs by providing automatic protection mechanisms. The core of an IRS is its planning algorithm, in charge of selecting the best response action to counter the detected attacks. However, the planning algorithm has to be carefully designed and implemented in order to exhibit a low overhead and not to compromise the scalability of the protected system. In this paper we present the performance evaluation of an IRS based on Markov Decision Process (MDP), which leverages many-core co-processors. Such an IRS produces optimal long-term response policies evaluated according to a multi-criteria objective function. We show that, despite the complexity of the MDP modeling, the proposed IRS is able to protect large systems while introducing little to no overhead on the protected hosts.

Iannucci, S., Chen, Q., & Abdelwahed, S. (2016). High-performance intrusion response planning on many-core architectures. In 2016 25th International Conference on Computer Communications and Networks, ICCCN 2016 (pp.1-6). Institute of Electrical and Electronics Engineers Inc. [10.1109/ICCCN.2016.7568529].

High-performance intrusion response planning on many-core architectures

Iannucci S.
;
2016

Abstract

The quantity and sophistication of cyber attacks have increased year by year, thus it is infeasible to manually process Intrusion Detection Systems (IDSs) alerts. Intrusion Response Systems (IRSs) extend IDSs by providing automatic protection mechanisms. The core of an IRS is its planning algorithm, in charge of selecting the best response action to counter the detected attacks. However, the planning algorithm has to be carefully designed and implemented in order to exhibit a low overhead and not to compromise the scalability of the protected system. In this paper we present the performance evaluation of an IRS based on Markov Decision Process (MDP), which leverages many-core co-processors. Such an IRS produces optimal long-term response policies evaluated according to a multi-criteria objective function. We show that, despite the complexity of the MDP modeling, the proposed IRS is able to protect large systems while introducing little to no overhead on the protected hosts.
978-1-5090-2279-3
Iannucci, S., Chen, Q., & Abdelwahed, S. (2016). High-performance intrusion response planning on many-core architectures. In 2016 25th International Conference on Computer Communications and Networks, ICCCN 2016 (pp.1-6). Institute of Electrical and Electronics Engineers Inc. [10.1109/ICCCN.2016.7568529].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11590/404589
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? 5
social impact