Spelling suggestions: "subject:"intrusion desponse"" "subject:"intrusion coresponse""
1 |
Incident prioritisation for intrusion response systemsJumaat, Nor Badrul Anuar January 2012 (has links)
The landscape of security threats continues to evolve, with attacks becoming more serious and the number of vulnerabilities rising. To manage these threats, many security studies have been undertaken in recent years, mainly focusing on improving detection, prevention and response efficiency. Although there are security tools such as antivirus software and firewalls available to counter them, Intrusion Detection Systems and similar tools such as Intrusion Prevention Systems are still one of the most popular approaches. There are hundreds of published works related to intrusion detection that aim to increase the efficiency and reliability of detection, prevention and response systems. Whilst intrusion detection system technologies have advanced, there are still areas available to explore, particularly with respect to the process of selecting appropriate responses. Supporting a variety of response options, such as proactive, reactive and passive responses, enables security analysts to select the most appropriate response in different contexts. In view of that, a methodical approach that identifies important incidents as opposed to trivial ones is first needed. However, with thousands of incidents identified every day, relying upon manual processes to identify their importance and urgency is complicated, difficult, error-prone and time-consuming, and so prioritising them automatically would help security analysts to focus only on the most critical ones. The existing approaches to incident prioritisation provide various ways to prioritise incidents, but less attention has been given to adopting them into an automated response system. Although some studies have realised the advantages of prioritisation, they released no further studies showing they had continued to investigate the effectiveness of the process. This study concerns enhancing the incident prioritisation scheme to identify critical incidents based upon their criticality and urgency, in order to facilitate an autonomous mode for the response selection process in Intrusion Response Systems. To achieve this aim, this study proposed a novel framework which combines models and strategies identified from the comprehensive literature review. A model to estimate the level of risks of incidents is established, named the Risk Index Model (RIM). With different levels of risk, the Response Strategy Model (RSM) dynamically maps incidents into different types of response, with serious incidents being mapped to active responses in order to minimise their impact, while incidents with less impact have passive responses. The combination of these models provides a seamless way to map incidents automatically; however, it needs to be evaluated in terms of its effectiveness and performances. To demonstrate the results, an evaluation study with four stages was undertaken; these stages were a feasibility study of the RIM, comparison studies with industrial standards such as Common Vulnerabilities Scoring System (CVSS) and Snort, an examination of the effect of different strategies in the rating and ranking process, and a test of the effectiveness and performance of the Response Strategy Model (RSM). With promising results being gathered, a proof-of-concept study was conducted to demonstrate the framework using a live traffic network simulation with online assessment mode via the Security Incident Prioritisation Module (SIPM); this study was used to investigate its effectiveness and practicality. Through the results gathered, this study has demonstrated that the prioritisation process can feasibly be used to facilitate the response selection process in Intrusion Response Systems. The main contribution of this study is to have proposed, designed, evaluated and simulated a framework to support the incident prioritisation process for Intrusion Response Systems.
|
2 |
Policies Based Intrusion Response System for DBMSNayeem, Fatima, Vijayakamal, M. 01 December 2012 (has links)
Relational databases are built on Relational Model
proposed by Dr. E. F. Codd. The relational model has
become a consistent and widely used DBMS in the world.
The databases in this model are efficient in storing and
retrieval of data besides providing authentication through
credentials. However, there might be many other attacks
apart from stealing credentials and intruding database.
Adversaries may always try to intrude into the relational
database for monetary or other gains [1]. The relational
databases are subjected to malicious attacks as they hold
the valuable business data which is sensitive in nature.
Monitoring such database continuously is a task which is
inevitable keeping the importance of database in mind.
This is a strategy that is in top five database strategies as
identified by Gartner research which are meant for getting
rid of data leaks in organizations [2]. There are regulations
from governments like US with respect to managing data
securely. The data management like HIAPP, GLBA, and
PCI etc. is mentioned in the regulations as examples. / Intrusion detection systems play an important role in detecting
online intrusions and provide necessary alerts. Intrusion detection
can also be done for relational databases. Intrusion response
system for a relational database is essential to protect it from
external and internal attacks. We propose a new intrusion
response system for relational databases based on the database
response policies. We have developed an interactive language
that helps database administrators to determine the responses to
be provided by the response system based on the malicious
requests encountered by relational database. We also maintain a
policy database that maintains policies with respect to response
system. For searching the suitable policies algorithms are
designed and implemented. Matching the right policies and
policy administration are the two problems that are addressed in
this paper to ensure faster action and prevent any malicious
changes to be made to policy objects. Cryptography is also used
in the process of protecting the relational database from attacks.
The experimental results reveal that the proposed response
system is effective and useful.
|
3 |
Endpoint Intrusion Detection and Response Agents in Embedded RAN Products : A suitability and performance evaluation / Intrångsdetektering och respons inom ändpunkter i inbyggda RAN produkter : En studie kring lämplighet och prestandaHashem, Yousef, Zildzic, Elmedin January 2022 (has links)
Endpoint detection and response is an integral part of the security of large-scale networks. Embedded hardware, such as those found at Ericsson Radio Access Network endpoints, have strict performance requirements that need to be met. This fact makes implementing intrusion detection non-trivial, as intrusion detection software often generate a lot of processing overhead. Wazuh, an established open-source distributed and centralized intrusion detection and response system, shows a lot of promise as a large-scale intrusion detection system. It is very modular and has various capabilities that can be utilized in different ways to minimize processing overhead. One of these capabilities is native support for the native Linux syscall monitoring tool AuditD. While AuditD is very capable, it can introduce severe performance penalties in certain scenarios. Falco is another syscall monitoring tool that shows promise with regards to performance, and also has more features than AuditD; which is why Falco is included as a direct comparison to AuditD. This study evaluates Wazuh, AuditD, and Falco based on a set of requirements set by Ericsson, including flexibility, scalability and reliability, by enacting performance benchmarks with normal background operations active. The results of this study show that, with the correct configuration, Wazuh can be used as an intrusion detection system in embedded systems with limited hardware, where AuditD and Falco can serve as a great addition to detecting indicators of compromise. The solution is to use a minimal intrusion detection ruleset, and in the event of suspicious activity, activate more modules to increase threat detection at the cost of CPU overhead and execution time for normal system operation.
|
4 |
ARROS: Distributed Adaptive Real-Time Network Intrusion ResponseKarunanidhi, Karthikeyan 14 April 2006 (has links)
No description available.
|
5 |
Building Secure Systems using Mobile AgentsShibli, Muhammad Awais January 2006 (has links)
<p>The progress in the field of computer networks and Internet is increasing with tremendous volume in recent years. This raises important issue with regards to security. Several solutions emerged in the past which provide security at host or network level. These traditional solutions like antivirus, firewall, spy-ware, and authentication mechanisms provide security to some extends, but they still face the challenge of inherent system flaws, OS bugs and social engineering attacks. Recently, some interesting solution emerged like Intrusion Detection and Prevention systems, but these too have some problems, like detecting and responding in real time, because they mostly require inputs from system administrator. Optimistically, we have succeeded in protecting the hosts to some extent by applying the reactive approach, such as antivirus, firewall and intrusion detection and response systems, But, if we critically analyze this approach, we will reach the conclusion that it has inherent flaws, since the number of penetrations, Internet crime cases, identity and financial data thefts, etc. are rising exponentially in recent years. The main reason is that we are using only reactive approach, i.e. protection system is activated only when some security breach occurs. Secondly, current techniques try to fix the overall huge problem of security using only small remedies (firewall, antivirus and intrusion detection and preventions system) – “point solutions”. Therefore, there is a need to develop a strategy using Mobile Agents in order to operate in reactive and proactive manners, what requires providing security on the principle of defense in depth. So, that ultimate goal of securing a system as a whole can be achieved. System is assumed to be secure if unauthorized access (penetrations) is not possible and system is safe against damages. This strategy will include three aspects: (a) autonomously detect vulnerabilities on different hosts (in a distributed network) before an attacker can exploit (b) protect hosts by detecting attempts of intrusions and responding to them in real time; and finally (c) perform tasks related to security management.</p>
|
6 |
Building Secure Systems using Mobile AgentsShibli, Muhammad Awais January 2006 (has links)
The progress in the field of computer networks and Internet is increasing with tremendous volume in recent years. This raises important issue with regards to security. Several solutions emerged in the past which provide security at host or network level. These traditional solutions like antivirus, firewall, spy-ware, and authentication mechanisms provide security to some extends, but they still face the challenge of inherent system flaws, OS bugs and social engineering attacks. Recently, some interesting solution emerged like Intrusion Detection and Prevention systems, but these too have some problems, like detecting and responding in real time, because they mostly require inputs from system administrator. Optimistically, we have succeeded in protecting the hosts to some extent by applying the reactive approach, such as antivirus, firewall and intrusion detection and response systems, But, if we critically analyze this approach, we will reach the conclusion that it has inherent flaws, since the number of penetrations, Internet crime cases, identity and financial data thefts, etc. are rising exponentially in recent years. The main reason is that we are using only reactive approach, i.e. protection system is activated only when some security breach occurs. Secondly, current techniques try to fix the overall huge problem of security using only small remedies (firewall, antivirus and intrusion detection and preventions system) – “point solutions”. Therefore, there is a need to develop a strategy using Mobile Agents in order to operate in reactive and proactive manners, what requires providing security on the principle of defense in depth. So, that ultimate goal of securing a system as a whole can be achieved. System is assumed to be secure if unauthorized access (penetrations) is not possible and system is safe against damages. This strategy will include three aspects: (a) autonomously detect vulnerabilities on different hosts (in a distributed network) before an attacker can exploit (b) protect hosts by detecting attempts of intrusions and responding to them in real time; and finally (c) perform tasks related to security management.
|
7 |
Design and Implementation of an Efficient Intrusion Response System for 5G RAN Baseband Units / Design och implementering av ett effektivt intrångsresponssystem för 5G RAN-basbandsenheterGhazzawi, Mirna, Imran, Adil January 2023 (has links)
The 5G Radio Access Network (RAN) is a critical system that must be secured against potential attacks, particularly its Base-Band Unit (BBU), which is a common target for intrusions. Ericsson, which is a big provider of such systems, has placed significant emphasis on implementing Intrusion Detection Systems (IDS) to detect threats. However, the attention given to Intrusion Response Systems (IRS) in general is limited, with current challenges including false alarms, response cost, response time and reliability. Also, the hardware limitations of the BBU present difficulties in designing an effective IRS. To address these challenges, a semi-automated IRS was implemented with a dynamic and cost-based response selection approach. Open Source SECurity (OSSEC), which is a free, open-source endpoint detection and response tool, was employed to execute the selected responses. The effectiveness of the IRS was assessed based on Ericsson's requirements, reliability, response time, response cost and false alarms. The results obtained show that the proposed IRS is reliable as it can handle a huge number of intrusions and has negligible performance overhead in less extreme attack cases. These findings offer valuable insights into addressing intrusions within a system with constrained hardware resources.
|
8 |
RSU-Based Intrusion Detection and Autonomous Intersection Response SystemsYurkovich, Peter Joseph 10 March 2022 (has links)
Vehicular safety and efficiency has been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing a vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such, it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks.
This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) located on Roadside Units (RSU) was developed to detect misbehavior nodes. This model maintains a 98%-100% accuracy while reducing system overhead by removing the need for edge or cloud computing. A resilient Intrusion Response System (IRS) for a autonomous intersection was developed to protect again sybil attacks. The IRS utilizes adaptive switching between several intersection types to reduce delay by up to 78% compared to intersections without these defenses. / Master of Science / Vehicular safety and efficiency has been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing a vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks.
This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) was created to detect vehicles misbehaving or conducting cyberattacks. The IDS is installed on off-road computers, called Roadside Units (RSU) which prevents the need for a separate server to be created to hold the IDS. The IDS is able to identify misbehavior and attacks at a 98% to 100% accuracy. An autonomous intersection is an intersection where all directions for driving through the intersection are transmitted through wireless communication. A Intrusion Response System (IRS) was developed for an autonomous intersection, to defend against vehicles making multiple reservation requests to pass through the intersection. The IRS reduces vehicle delay through the intersection by 78% compared to an intersection without defenses.
|
9 |
Autonomous Cyber Defense for Resilient Cyber-Physical SystemsZhang, Qisheng 09 January 2024 (has links)
In this dissertation research, we design and analyze resilient cyber-physical systems (CPSs) under high network dynamics, adversarial attacks, and various uncertainties. We focus on three key system attributes to build resilient CPSs by developing a suite of the autonomous cyber defense mechanisms. First, we consider network adaptability to achieve the resilience of a CPS. Network adaptability represents the network ability to maintain its security and connectivity level when faced with incoming attacks. We address this by network topology adaptation. Network topology adaptation can contribute to quickly identifying and updating the network topology to confuse attacks by changing attack paths. We leverage deep reinforcement learning (DRL) to develop CPSs using network topology adaptation. Second, we consider the fault-tolerance of a CPS as another attribute to ensure system resilience. We aim to build a resilient CPS under severe resource constraints, adversarial attacks, and various uncertainties. We chose a solar sensor-based smart farm as one example of the CPS applications and develop a resource-aware monitoring system for the smart farms. We leverage DRL and uncertainty quantification using a belief theory, called Subjective Logic, to optimize critical tradeoffs between system performance and security under the contested CPS environments. Lastly, we study system resilience in terms of system recoverability. The system recoverability refers to the system's ability to recover from performance degradation or failure. In this task, we mainly focus on developing an automated intrusion response system (IRS) for CPSs. We aim to design the IRS with effective and efficient responses by reducing a false alarm rate and defense cost, respectively. Specifically, We build a lightweight IRS for an in-vehicle controller area network (CAN) bus system operating with DRL-based autonomous driving. / Doctor of Philosophy / In this dissertation research, we design and analyze resilient cyber-physical systems (CPSs) under high network dynamics, adversarial attacks, and various uncertainties. We focus on three key system attributes to build resilient CPSs by developing a suite of the autonomous cyber defense mechanisms. First, we consider network adaptability to achieve the resilience of a CPS. Network adaptability represents the network ability to maintain its security and connectivity level when faced with incoming attacks. We address this by network topology adaptation. Network topology adaptation can contribute to quickly identifying and updating the network topology to confuse attacks by changing attack paths. We leverage deep reinforcement learning (DRL) to develop CPSs using network topology adaptation. Second, we consider the fault-tolerance of a CPS as another attribute to ensure system resilience. We aim to build a resilient CPS under severe resource constraints, adversarial attacks, and various uncertainties. We chose a solar sensor-based smart farm as one example of the CPS applications and develop a resource-aware monitoring system for the smart farms. We leverage DRL and uncertainty quantification using a belief theory, called Subjective Logic, to optimize critical tradeoffs between system performance and security under the contested CPS environments. Lastly, we study system resilience in terms of system recoverability. The system recoverability refers to the system's ability to recover from performance degradation or failure. In this task, we mainly focus on developing an automated intrusion response system (IRS) for CPSs. We aim to design the IRS with effective and efficient responses by reducing a false alarm rate and defense cost, respectively. Specifically, We build a lightweight IRS for an in-vehicle controller area network (CAN) bus system operating with DRL-based autonomous driving.
|
10 |
RESPOSTAS AUTOMÁTICAS PARA MELHORIA DA SEGURANÇA EM SISTEMAS DE DETECÇÃO DE INTRUSOS / AUTOMATIC ANSWERS FOR IMPROVEMENT OF THE SECURITY IN DETECTION SYSTEMS OF INTRUDERSSANTOS, Glenda de Lourdes Ferreira dos 21 November 2003 (has links)
Made available in DSpace on 2016-08-17T14:52:54Z (GMT). No. of bitstreams: 1
Glenda de Lourdes Ferreira dos Santos.pdf: 972743 bytes, checksum: 111a2522d029325d266db2465a430638 (MD5)
Previous issue date: 2003-11-21 / The development of approaches for proving fast reactions against
intruders and attackers have been one of the most important requirements in the
critical defense of computer networks, since the intrusion occur quickly, demanding
reactions without human intervention. These approaches should be able to,
autonomously, respond to attacks and deal with several important aspects of the
computer security problem in order to reduce the system administrator s workload
Such approaches can offer larger reliability and effectiveness in the detection and
response processes, a higher rate of security to private networks, better defense
possibilities and, in addition, minimize the intruder's change of success.
This research work deals with the specification of a society of intelligent
agents for assessment and enhancement of intrusion response systems in computer
networks. The proposal of the model of intrusion response system (IRS) be based
on in several available architectures, in order to look for better solutions for the
problems faced in the modelling of a system of that level. With that, was modeled a
system to approach the main desirable functionalities for a system of active answers.
The system, as part of the NIDIA (Network Intrusion Detection System based on
Intelligent Agents) (Lima, 2001), is formed by a society of agents that are
responsible for the functions of identification of the characteristic of the attack, choice
of the best reaction strategy and for the execution of the response.The society is
composed by agents able to determine and apply automatically corrective actions
against attacks classified according to a given severity taxonomic model. In the
proposed model was looked for to define response to intrusions for abuse and for
anomaly to guarantee a lower robustness to the system. / O desenvolvimento de mecanismos para reações rápidas contra intrusos
tem sido um dos mais importantes requisitos na defesa crítica de redes de
computador, visto que estes agem rapidamente exigindo reações sem intervenção
humana. Tais mecanismos devem estar habitas a, automaticamente, responder um
ataque e lidar com o vários aspectos do problema de seguança de computadores, e
com isso reduzir a carga de trabalho do administrador do sistema. Semelhantes
características podem oferecer confiança e efetividade no processo de detecção e
resposta, alta taxa de segunça a redes privadas, melhores possibilidades de defesa
e, ainda, minimizar as chances do intruso.
Essa dissertação trata da especificação de uma sociedade de agentes para a
avaliação e aprimoramento de sistema de resposta de intrusão em redes de
computadores. A proposta de um modelo de sistema de resposta de intrusao(IRS) é
baseada em várias arquiteturas disponíveis na procura da melhor solução para os
problemas encontrados na modelagem de um sistema deste nível. Com isso, foi
modelado um sistema que contenha as principais funcionalidades desejáveis para
um de respostas ativas. O sistema, que faz parte do NIDIA(Network Intrusion
Detection System based on Intelligent Agents) (Lima, 2001), é formado por uma
sociedade de agentes que são responsáveis pelas funções de identificação das
características do ataque, escolha da melhor estratégia de reação a pela execução
resposta.A sociedade é composta por agentes artificiais aptos em determinar e
aplicar automaticamente ações, corretivas e preventivas, contra ataques
classificados de acordo com um modelo taxonômico de severidade. No modelo
proposto procurou-se definir respostas de intrusoes por abuso e por anomalia para
garantir maior robustes ao sistema.
|
Page generated in 0.0684 seconds