Dynamic countermeasure knowledge for intrusion response systems

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

10 Citations (Scopus)

Abstract

Significant advances in Intrusion Detection Systems have led to improved alerts. However, Intrusion Response Systems, which aim to respond to these alerts automatically, are a research area that is not yet mature enough to benefit from full automation. In Security Operations Centres, analysts can implement countermeasures using knowledge and past experience to adapt to new attacks. Attempts at automated Intrusion Response Systems fall short when a new attack occurs for which the system has no specific knowledge or effective countermeasure to apply, which can even lead to overkill countermeasures such as restarting services or blocking ports or IPs. In this paper, a countermeasure standard is proposed which enables countermeasure intelligence sharing and the automated adoption and execution of countermeasures by an Intrusion Response System. An attack scenario is created on an emulated network using the Common Open Research Emulator (CORE), in which an insider attempts to exploit a buffer overflow on an Exim mail server. Experiments demonstrate that an Intrusion Response System with dynamic countermeasure knowledge can stop attacks that would succeed against a static, predefined countermeasure approach.
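
The abstract contrasts a static, predefined countermeasure table with a knowledge base that can adopt shared countermeasure records at run time. The following is an added illustration of that contrast, not code from the paper and not its countermeasure standard: the record fields (name, stops, requires_service, impact), the constructed alert and signature name, and the least-impact selection rule are assumptions made here to show why a static table degrades to a generic block of the source address while a dynamically extended one can pick a targeted response.

```python
"""Toy intrusion response selector: static countermeasure table versus a
knowledge base extended at run time from shared records.

Illustrative code only; it is not the paper's countermeasure standard. Record
fields, alert fields, signature names and impact scores are assumptions."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Countermeasure:
    name: str
    stops: frozenset                 # alert signatures this measure is known to stop
    requires_service: Optional[str]  # precondition on the target asset; None = any
    impact: int                      # collateral impact, 1 (surgical) .. 10 (outage)


@dataclass(frozen=True)
class Alert:
    signature: str
    src_ip: str
    target_host: str
    target_service: str


# Last-resort response used when nothing specific is known. Blocking the
# source address is the kind of broad response the abstract calls overkill.
GENERIC_BLOCK = Countermeasure("block_src_ip", frozenset(), None, impact=8)

REQUIRED_FIELDS = {"name", "stops", "requires_service", "impact"}


class KnowledgeBase:
    def __init__(self, records=()):
        self.records = list(records)

    def import_shared(self, raw: dict) -> Countermeasure:
        """Adopt a countermeasure record received from another party.
        The record is validated before it can influence response selection."""
        missing = REQUIRED_FIELDS - raw.keys()
        if missing:
            raise ValueError(f"shared record missing fields: {sorted(missing)}")
        if not isinstance(raw["impact"], int) or not 1 <= raw["impact"] <= 10:
            raise ValueError("impact must be an int in 1..10")
        cm = Countermeasure(raw["name"], frozenset(raw["stops"]),
                            raw["requires_service"], raw["impact"])
        self.records.append(cm)
        return cm

    def applicable(self, alert: Alert):
        """Records that claim to stop this signature and whose precondition
        on the target service is satisfied."""
        return [cm for cm in self.records
                if alert.signature in cm.stops
                and cm.requires_service in (None, alert.target_service)]

    def select(self, alert: Alert):
        """Return (countermeasure, used_fallback). Among applicable records
        the least disruptive one wins; with none, fall back to the generic block."""
        candidates = self.applicable(alert)
        if not candidates:
            return GENERIC_BLOCK, True
        return min(candidates, key=lambda cm: cm.impact), False


# Constructed alert: an internal host attacking the mail server (insider scenario).
EXIM_ALERT = Alert(signature="EXIM_SMTP_BUFFER_OVERFLOW",  # constructed signature name
                   src_ip="10.0.0.23", target_host="mail01", target_service="smtp")

# Static table that knows about other attacks but not this one.
STATIC_RECORDS = [
    Countermeasure("rate_limit_ssh_auth", frozenset({"SSH_BRUTEFORCE"}), "ssh", impact=2),
]

# Hypothetical shared records: two responses for the same signature with
# different impact, plus one whose precondition (an IMAP service) does not match.
SHARED_RECORDS = [
    {"name": "exim_drop_smtp_from_src", "stops": ["EXIM_SMTP_BUFFER_OVERFLOW"],
     "requires_service": "smtp", "impact": 2},
    {"name": "exim_service_restart", "stops": ["EXIM_SMTP_BUFFER_OVERFLOW"],
     "requires_service": "smtp", "impact": 6},
    {"name": "imap_disable_login", "stops": ["EXIM_SMTP_BUFFER_OVERFLOW"],
     "requires_service": "imap", "impact": 3},
]


def respond_static():
    """Static knowledge only: no record matches, so the generic block is used."""
    return KnowledgeBase(STATIC_RECORDS).select(EXIM_ALERT)


def respond_dynamic():
    """Same table after adopting shared records: a targeted response is chosen."""
    kb = KnowledgeBase(STATIC_RECORDS)
    for raw in SHARED_RECORDS:
        kb.import_shared(raw)
    return kb.select(EXIM_ALERT)


if __name__ == "__main__":
    for label, fn in (("static", respond_static), ("dynamic", respond_dynamic)):
        cm, fallback = fn()
        print(f"{label}: {cm.name} (impact {cm.impact}, fallback={fallback})")
```

The validation step in `import_shared` is the part a practitioner should not skip: a knowledge base that accepts shared records is itself a new input channel into the response system, and an unvalidated record could steer it toward a disruptive action.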

Original language: English
Title of host publication: Proceedings of the 31st Irish Signals and Systems Conference, ISSC 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 6
ISBN (Electronic): 9781728194189
ISBN (Print): 9781728194196
DOIs
Publication status: Published - 31 Aug 2020
Event: 31st Irish Signals and Systems Conference 2020 - Letterkenny, Ireland
Duration: 11 Jun 2020 to 12 Jun 2020

Publication series

Name: Irish Signals and Systems Conference Proceedings
ISSN (Print): 2688-1446
ISSN (Electronic): 2688-1454

Conference

Conference: 31st Irish Signals and Systems Conference 2020
Abbreviated title: ISSC 2020
Country/Territory: Ireland
City: Letterkenny
Period: 11/06/2020 to 12/06/2020

Keywords

  • automated
  • countermeasure
  • dynamic
  • intrusion
  • IRS
  • knowledgebase
  • response

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Signal Processing
