10 research outputs found

    FORECASTING DISTRIBUTED DENIAL OF SERVICE ATTACK USING HIDDEN MARKOV MODEL

    Distributed denial of service (DDoS) attack bombards the network with loads of packets and requests that consume the system resources in terms of time, memory, and processors. This paper presents a proposed method for forecasting DDoS in networks. The proposed model employs hidden Markov model (HMM) to forecast DDoS attacks. The method uses the inherent characteristic features of DDoS to determine the observable states of the system. To avoid intractable computations, Kullback-Leibler divergence algorithm was employed to reduce the number of observable states to three. The proposed model is formulated and trained through experiments using DARPA 2000 data set and the preliminary results show that the characteristic features of the DDoS and the entropy concept can be used to formulate an HMM to predict DDoS

    FORECASTING DISTRIBUTED DENIAL OF SERVICE ATTACK USING HIDDEN MARKOV MODEL

    Distributed denial of service (DDoS) attack bombards the network with loads of packets and requests that consume the system resources in terms of time, memory, and processors. This paper presents a proposed method for forecasting DDoS in networks. The proposed model employs hidden Markov model (HMM) to forecast DDoS attacks. The method uses the inherent characteristic features of DDoS to determine the observable states of the system. To avoid intractable computations, Kullback-Leibler divergence algorithm was employed to reduce the number of observable states to three. The proposed model is formulated and trained through experiments using DARPA 2000 data set and the preliminary results show that the characteristic features of the DDoS and the entropy concept can be used to formulate an HMM to predict DDoS

    Dynamic risk assessment in IT environments: a decision guide

    Security and reliability of information technologies have emerged as major concerns nowadays. Risk assessment, an estimation of negative impacts that might be imposed on a network by a series of potential sources, is one of the main tasks to ensure the security and is performed either statically or dynamically. Static risk assessment cannot satisfy the requirements of real-time and ubiquitous computing networks as it is pre-planned and does not consider upcoming changes such as the creation of new attack strategies. However, dynamic risk assessment (DRA) considers real-time evidence, being capable of diagnosing abnormal events in changing environments. Several DRA approaches have been proposed recently, but it is unclear which technique fits best into IT scenarios with different requirements. Thus, this chapter introduces recent trends in DRA, by analyzing 27 works and proposes a decision guide to help IT managers in choosing the most suitable DRA technique considering three illustrative scenarios – regular computer networks, internet of things, and industrial control systems

    System Health Monitoring Using a Novel Method: Security Unified Process

    Iterative and incremental mechanisms are not usually considered in existing approaches for information security management system (ISMS). In this paper, we propose SUP (security unified process) as a unified process to implement a successful and high-quality ISMS. A disciplined approach can be provided by SUP to assign tasks and responsibilities within an organization. The SUP architecture comprises static and dynamic dimensions; the static dimension, or disciplines, includes business modeling, assets, security policy, implementation, configuration and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in an organization. Since the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization

    System health monitoring using a novel method : security unified process

    Iterative and incremental mechanisms are not usually considered in existing approaches for information security management system (ISMS). In this paper, we propose SUP (security unified process) as a unified process to implement a successful and high-quality ISMS. A disciplined approach can be provided by SUP to assign tasks and responsibilities within an organization. The SUP architecture comprises static and dynamic dimensions; the static dimension, or disciplines, includes business modeling, assets, security policy, implementation, configuration and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in an organization. Since the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization

    Realtime Intrusion Risk Assessment Model based on Attack and Service Dependency Graphs

    Network services are becoming larger and increasingly complex to manage. It is extremely critical to maintain the users' QoS, the response time of applications, and critical services in high demand. On the other hand, we see impressive changes in the ways in which attackers gain access to systems and infect services. When an attack is detected, an Intrusion Response System (IRS) is responsible to accurately assess the value of the loss incurred by a compromised resource and apply the proper responses to mitigate the attack. Without having a proper risk assessment, our automated IRS will reduce network performance, wrongly disconnect users from the network, or result in high costs for administrators reestablishing services, and become a DoS attack for our network, which will eventually have to be disabled. In this paper, we address these challenges and we propose a new model to combine the Attack Graph and Service Dependency Graph approaches to calculate the impact of an attack more accurately compared to other existing solutions. To show the effectiveness of our model, a sophisticated multi-step attack was designed to compromise a web server, as well as to acquire root privilege. Our results illustrate the efficiency of the proposed model and confirm the feasibility of the approach in real-time

    Risk Management in Environment, Production and Economy

    The term "risk" is very often associated with negative meanings. However, in most cases, many opportunities can present themselves to deal with the events and to develop new solutions which can convert a possible danger to an unforeseen, positive event. This book is a structured collection of papers dealing with the subject and stressing the importance of a relevant issue such as risk management. The aim is to present the problem in various fields of application of risk management theories, highlighting the approaches which can be found in literature