Dynamic Countermeasure Knowledge for Intrusion Response Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Significant advances in Intrusion Detection Systems have led to better alerts. Intrusion Response Systems, which aim to respond to these alerts automatically, are however a research area not yet mature enough to benefit from full automation. In Security Operations Centres, analysts draw on knowledge and past experience to implement countermeasures and adapt to new attacks. Automated Intrusion Response Systems fall short when a new attack occurs for which the system has no specific knowledge or effective countermeasure, and may even resort to overkill countermeasures such as restarting services or blocking ports and IP addresses. This paper proposes a countermeasure standard that enables countermeasure intelligence sharing and the automated adoption and execution of countermeasures by an Intrusion Response System. An attack scenario is built on a network emulated with the Common Open Research Emulator, in which an insider attempts to exploit a buffer overflow in an Exim mail server. Experiments demonstrate that an Intrusion Response System with dynamic countermeasure knowledge can stop attacks that would otherwise succeed against a static, predefined countermeasure approach.
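The abstract contrasts a static, predefined countermeasure set (which falls back to blunt actions such as blocking an IP) with a knowledge base that can take in shared countermeasure records at runtime. The following is an added illustration in Python, not the paper's own code and not the countermeasure standard it proposes (whose actual format is not given on this page): the record schema, the scoring weights, the sample alert and the Exim-specific countermeasure are all constructed assumptions. It shows a minimal response engine choosing the most specific applicable countermeasure, falling back to a generic one when nothing specific is known, and changing its decision once a shared record is ingested and validated.

```python
"""Minimal intrusion-response decision engine with a dynamic countermeasure
knowledge base.  Hypothetical illustration only: the record format, the
scores and the sample alert are assumptions, not the paper's standard."""
import json
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    """A normalised IDS alert (constructed shape, not a real IDS format)."""
    attack_class: str     # e.g. "buffer_overflow"
    target_service: str   # e.g. "exim"
    target_host: str
    src_ip: str


@dataclass
class Countermeasure:
    cm_id: str
    attack_class: Optional[str]    # None = applies to any attack class
    target_service: Optional[str]  # None = applies to any service
    action: str                    # free-text action the executor would run
    effectiveness: float           # 0..1, chance the attack is actually stopped
    impact: float                  # 0..1, collateral cost (availability, cut-off users)

    def matches(self, alert: Alert) -> bool:
        return ((self.attack_class is None or self.attack_class == alert.attack_class)
                and (self.target_service is None or self.target_service == alert.target_service))

    def specificity(self) -> int:
        # Number of alert fields this record actually constrains (0 = generic fallback).
        return int(self.attack_class is not None) + int(self.target_service is not None)


REQUIRED_FIELDS = {"cm_id", "attack_class", "target_service", "action", "effectiveness", "impact"}


class ResponseEngine:
    def __init__(self, knowledge):
        self.knowledge = list(knowledge)

    def ingest(self, record_json: str) -> bool:
        """Validate and adopt a shared countermeasure record (hypothetical JSON schema).
        Returns False for a duplicate id, raises ValueError for a malformed record."""
        rec = json.loads(record_json)
        missing = REQUIRED_FIELDS - rec.keys()
        if missing:
            raise ValueError(f"record missing fields: {sorted(missing)}")
        for k in ("effectiveness", "impact"):
            if not 0.0 <= float(rec[k]) <= 1.0:
                raise ValueError(f"{k} must be in [0, 1]")
        if any(c.cm_id == rec["cm_id"] for c in self.knowledge):
            return False
        self.knowledge.append(Countermeasure(
            rec["cm_id"], rec["attack_class"], rec["target_service"], rec["action"],
            float(rec["effectiveness"]), float(rec["impact"])))
        return True

    def select(self, alert: Alert, impact_weight: float = 0.5) -> Optional[Countermeasure]:
        """Pick the most specific matching countermeasure; break ties by
        effectiveness minus weighted collateral impact."""
        candidates = [c for c in self.knowledge if c.matches(alert)]
        if not candidates:
            return None
        return max(candidates, key=lambda c: (c.specificity(),
                                              c.effectiveness - impact_weight * c.impact))


# Static, predefined knowledge: only blunt, service-agnostic fallbacks (assumed values).
STATIC_KNOWLEDGE = [
    Countermeasure("block_src_ip", None, None, "firewall drop traffic from src_ip", 0.6, 0.7),
    Countermeasure("restart_service", None, None, "restart target_service on target_host", 0.5, 0.8),
]

# A shared record for the abstract's scenario (constructed; action text is illustrative).
SHARED_EXIM_RECORD = json.dumps({
    "cm_id": "exim_bo_mitigation",
    "attack_class": "buffer_overflow",
    "target_service": "exim",
    "action": "apply service-specific mitigation to exim on target_host",
    "effectiveness": 0.9,
    "impact": 0.2,
})

# Constructed alert: an insider host on the LAN targeting the mail server.
EXIM_ALERT = Alert("buffer_overflow", "exim", "10.0.0.5", "10.0.0.23")


def demo():
    """Returns (countermeasure chosen with static knowledge, after ingesting the shared record)."""
    engine = ResponseEngine(STATIC_KNOWLEDGE)
    before = engine.select(EXIM_ALERT).cm_id   # generic fallback: blocks an internal host
    engine.ingest(SHARED_EXIM_RECORD)
    after = engine.select(EXIM_ALERT).cm_id    # targeted countermeasure now preferred
    return before, after


if __name__ == "__main__":
    print(demo())
```

With only the static knowledge the engine picks `block_src_ip`, which for an insider scenario cuts off a legitimate internal host; after ingesting the shared record it selects the Exim-specific countermeasure because specificity is ranked before the effectiveness/impact trade-off. The validation in `ingest` is the minimum a practitioner would want before letting shared records drive automated execution: required fields present, numeric bounds respected, duplicate ids rejected.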

Original language: English
Title of host publication: 2020 31st Irish Signals and Systems Conference, ISSC 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728194189
DOIs
Publication status: Published - 31 Aug 2020
Event: 31st Irish Signals and Systems Conference, ISSC 2020 - Letterkenny, Ireland
Duration: 11 Jun 2020 to 12 Jun 2020

Publication series

Name: 2020 31st Irish Signals and Systems Conference, ISSC 2020
Publisher: IEEE
ISSN (Electronic): 2688-1454

Conference

Conference: 31st Irish Signals and Systems Conference, ISSC 2020
Country: Ireland
City: Letterkenny
Period: 11/06/2020 to 12/06/2020

Bibliographical note

Publisher Copyright:
© 2020 IEEE.

Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.

Keywords

  • automated
  • countermeasure
  • dynamic
  • intrusion
  • IRS
  • knowledgebase
  • response

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Signal Processing
