Intrusion Response Systems (IRSs) have been a major research topic in the last decade. At the core of an IRS is the response selection algorithm, which selects the best response action to counter the currently detected attack. Most of the IRSs proposed so far, statically or dynamically evaluate the mapping between response actions and specific attacks, ignoring the actual system state, thus providing only short-term decisions. In this paper we propose a controller based on Markov Decision Process (MDP) for an autonomic IRS. The proposed controller is able to compose atomic response actions to create optimal long-term response policies to protect a system. Experimental results show that long-term policies are always more effective than short-term policies and that they can reduce the threat resolution time up to 56% in the considered scenario.

Iannucci, S., Abdelwahed, S. (2016). A probabilistic approach to autonomic security management. In Proceedings - 2016 IEEE International Conference on Autonomic Computing, ICAC 2016 (pp.157-166). 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : Institute of Electrical and Electronics Engineers Inc. [10.1109/ICAC.2016.12].

A probabilistic approach to autonomic security management

Iannucci S.
;
2016-01-01

Abstract

Intrusion Response Systems (IRSs) have been a major research topic in the last decade. At the core of an IRS is the response selection algorithm, which selects the best response action to counter the currently detected attack. Most of the IRSs proposed so far, statically or dynamically evaluate the mapping between response actions and specific attacks, ignoring the actual system state, thus providing only short-term decisions. In this paper we propose a controller based on Markov Decision Process (MDP) for an autonomic IRS. The proposed controller is able to compose atomic response actions to create optimal long-term response policies to protect a system. Experimental results show that long-term policies are always more effective than short-term policies and that they can reduce the threat resolution time up to 56% in the considered scenario.
2016
978-1-5090-1654-9
Iannucci, S., Abdelwahed, S. (2016). A probabilistic approach to autonomic security management. In Proceedings - 2016 IEEE International Conference on Autonomic Computing, ICAC 2016 (pp.157-166). 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : Institute of Electrical and Electronics Engineers Inc. [10.1109/ICAC.2016.12].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11590/404593
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 22
  • ???jsp.display-item.citation.isi??? 13
social impact