A framework for cost-sensitive automated selection of intrusion response
In recent years, cost-sensitive intrusion response has gained
significant interest because it weighs the potential damage incurred by
the intrusion against the cost of the response.
However, one of the challenges in applying this approach is defining a
consistent and adaptable measurement framework to evaluate the expected
benefit of a response. In this thesis we present a model and framework
for the cost-sensitive assessment and selection of intrusion response.
Specifically, we introduce a set of measurements that characterize the
potential costs associated with the intrusion handling process, and
propose an intrusion response evaluation method with respect to the risk
of potential intrusion damage, the effectiveness of the response action
and the response cost for a system. The proposed framework has the
important quality of abstracting the system security policy from the
response selection mechanism, permitting policy adjustments to be made
without changes to the model. We provide an implementation of the
proposed solution as an IDS-independent plugin tool, and demonstrate its
advantages over traditional static response systems and an existing
dynamic response system.
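The evaluation rule the abstract describes, trading intrusion risk against response effectiveness and response cost with the security policy kept apart from the selection mechanism, as an added illustration in Python. It is not the thesis's model, plugin or code: the benefit formula, the Policy, Intrusion and Response classes and every number below are assumptions constructed for the example.

```python
"""Cost-sensitive selection of an intrusion response (added illustration).

Assumed evaluation rule, not the thesis's own model:
    benefit(r, i) = risk(i) * effectiveness(r) - cost(r)
    risk(i)       = P(success of i) * damage(i)
    damage(i)     = damage_fraction(i) * sum of the values of the affected assets
    cost(r)       = sum over disrupted services of (hours down * cost per hour)
Asset values and downtime costs live in a Policy object that the selection
code only reads, so the policy can be re-tuned without touching the mechanism.
"""
from dataclasses import dataclass, field


@dataclass
class Policy:
    asset_value: dict[str, float]            # asset -> value at risk (currency units)
    service_cost_per_hour: dict[str, float]  # service -> cost of one hour of downtime


@dataclass
class Intrusion:
    name: str
    probability: float            # chance the intrusion succeeds if left unhandled
    affected_assets: list[str]
    damage_fraction: float        # share of the asset value lost on success


@dataclass
class Response:
    name: str
    effectiveness: float                                                # share of the risk removed
    disrupted_services: dict[str, float] = field(default_factory=dict)  # service -> hours down


NO_RESPONSE = Response("no_response", effectiveness=0.0)   # baseline: accept the risk


def risk(policy: Policy, i: Intrusion) -> float:
    damage = i.damage_fraction * sum(policy.asset_value[a] for a in i.affected_assets)
    return i.probability * damage


def response_cost(policy: Policy, r: Response) -> float:
    return sum(policy.service_cost_per_hour[s] * hours for s, hours in r.disrupted_services.items())


def expected_benefit(policy: Policy, i: Intrusion, r: Response) -> float:
    return risk(policy, i) * r.effectiveness - response_cost(policy, r)


def rank_responses(policy: Policy, i: Intrusion, responses: list[Response]) -> list[tuple[str, float]]:
    """All candidates plus the do-nothing baseline, highest expected benefit first."""
    scored = [(r.name, expected_benefit(policy, i, r)) for r in [*responses, NO_RESPONSE]]
    return sorted(scored, key=lambda nb: nb[1], reverse=True)


def select_response(policy: Policy, i: Intrusion, responses: list[Response]) -> str:
    return rank_responses(policy, i, responses)[0][0]


# Constructed scenario: SQL injection against the web tier threatening the customer DB.
INTRUSION = Intrusion("sqli_on_web", probability=0.6, affected_assets=["customer_db"], damage_fraction=0.4)
RESPONSES = [
    Response("block_source_ip", effectiveness=0.5),
    Response("disable_web_tier", effectiveness=0.95, disrupted_services={"web": 4}),
    Response("isolate_database", effectiveness=0.99, disrupted_services={"web": 8, "db": 8}),
]
NORMAL_POLICY = Policy(asset_value={"customer_db": 500_000, "web_frontend": 50_000},
                       service_cost_per_hour={"web": 2_000, "db": 5_000})
# Same mechanism, different policy: during a sales peak, web downtime is far more expensive.
PEAK_POLICY = Policy(asset_value=NORMAL_POLICY.asset_value,
                     service_cost_per_hour={"web": 30_000, "db": 5_000})

if __name__ == "__main__":
    for label, policy in (("normal", NORMAL_POLICY), ("peak", PEAK_POLICY)):
        print(label, rank_responses(policy, INTRUSION, RESPONSES))
```

Under the normal policy the ranking picks "disable_web_tier" (expected benefit 106,000 against 62,800 for isolating the database, which a static "always isolate" rule would choose); switching to the peak policy, with no change to the selection code, makes both disruptive responses net-negative and the cheap "block_source_ip" wins. Rows that rank below "no_response" are responses whose cost exceeds the risk they remove, the case the cost-sensitive approach is meant to catch.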
Integrated security sub-system for IPBrick
Internship carried out at iPortalMais and supervised by Eng. Hélder Rocha.
Integrated master's thesis. Electrical and Computer Engineering. Faculdade de Engenharia. Universidade do Porto. 200
Intensional Cyberforensics
This work focuses on the application of intensional logic to cyberforensic
analysis and its benefits and difficulties are compared with the
finite-state-automata approach. This work extends the use of the intensional
programming paradigm to the modeling and implementation of a cyberforensics
investigation process with backtracing of event reconstruction, in which
evidence is modeled by multidimensional hierarchical contexts, and proofs or
disproofs of claims are undertaken in an eductive manner of evaluation. This
approach is a practical, context-aware improvement over the finite state
automata (FSA) approach we have seen in previous work. As a base implementation
language model, we use in this approach a new dialect of the Lucid programming
language, called Forensic Lucid, and we focus on defining hierarchical contexts
based on intensional logic for the distributed evaluation of cyberforensic
expressions. We also augment the work with credibility factors surrounding
digital evidence and witness accounts, which have not been previously modeled.
The Forensic Lucid programming language, used for this intensional
cyberforensic analysis, is formally presented through its syntax and operational
semantics. In large part, the language is based on its predecessor and
codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective
Lucid, and JOOIP, bound together by the underlying intensional programming paradigm.
Comment: 412 pages, 94 figures, 18 tables, 19 algorithms and listings; PhD
thesis; v2 corrects some typos and refs; also available on Spectrum at
http://spectrum.library.concordia.ca/977460
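Eductive evaluation of a claim over multidimensional evidence contexts, as an added illustration in Python. This is a toy Lucid-style evaluator written for this page, not Forensic Lucid or any code from the thesis: the operators fby, next, @ and # follow ordinary Lucid, while the two dimensions (host and event index t), the evidence streams, the claim and the minimum-credibility rule are assumptions constructed for the example.

```python
"""Eductive (demand-driven) evaluation of a forensic claim over contexts.

Toy Lucid-style evaluator written for this illustration (assumed design, not
Forensic Lucid).  A context maps dimension names to tags; an identifier is
evaluated only when demanded at a context and the result is memoised in a
warehouse keyed by (identifier, context), which is what makes it eductive.
The evidence, the claim and the credibility rule below are assumptions.
"""
from dataclasses import dataclass
from typing import Any, Callable

Context = dict[str, Any]   # e.g. {"host": "web01", "t": 2}

@dataclass
class Const: value: Any                        # constant
@dataclass
class Var: name: str                           # reference to a defined identifier
@dataclass
class Tag: dim: str                            # '#d': current tag of dimension d
@dataclass
class At: expr: Any; dim: str; tag: Any        # 'e @d tag': e with dimension d set to tag
@dataclass
class Next: dim: str; expr: Any                # 'next e' along d: e at tag + 1
@dataclass
class Fby: dim: str; first: Any; rest: Any     # 'a fby b' along d: a at tag 0, else b at tag - 1
@dataclass
class Op: fn: Callable[..., Any]; args: tuple  # pointwise operator over sub-expressions


class Eductor:
    def __init__(self, defs: dict[str, Any]):
        self.defs = defs
        self.warehouse: dict[tuple, Any] = {}
        self.computed = 0   # (identifier, context) pairs actually evaluated

    def eval(self, e: Any, ctx: Context) -> Any:
        if isinstance(e, Const):
            return e.value
        if isinstance(e, Tag):
            return ctx[e.dim]
        if isinstance(e, Var):
            key = (e.name, tuple(sorted(ctx.items())))
            if key not in self.warehouse:            # demand: compute once, then reuse
                self.computed += 1
                self.warehouse[key] = self.eval(self.defs[e.name], ctx)
            return self.warehouse[key]
        if isinstance(e, At):
            return self.eval(e.expr, {**ctx, e.dim: self.eval(e.tag, ctx)})
        if isinstance(e, Next):
            return self.eval(e.expr, {**ctx, e.dim: ctx[e.dim] + 1})
        if isinstance(e, Fby):
            t = ctx[e.dim]
            return self.eval(e.first, ctx) if t == 0 else self.eval(e.rest, {**ctx, e.dim: t - 1})
        if isinstance(e, Op):
            return e.fn(*(self.eval(a, ctx) for a in e.args))
        raise TypeError(f"unknown expression node {e!r}")


# Constructed evidence: per host, an ordered list of (event, credibility of the
# source that reported it).  Dimensions: 'host' and the event index 't'.
EVIDENCE = {
    "web01": [("login", 1.0), ("read", 0.8), ("delete", 0.5), ("logout", 1.0)],
    "db01":  [("read", 0.9), ("delete", 0.7)],
}

def eq(e, value): return Op(lambda a: a == value, (e,))
def both(a, b): return Op(lambda x, y: x and y, (a, b))
def either(a, b): return Op(lambda x, y: x or y, (a, b))

def build_definitions(evidence):
    return {
        "event": Op(lambda h, t: evidence[h][t][0], (Tag("host"), Tag("t"))),
        "cred":  Op(lambda h, t: evidence[h][t][1], (Tag("host"), Tag("t"))),
        "is_login": eq(Var("event"), "login"),
        # seen_login = is_login fby (seen_login or next is_login): a login at or before t
        "seen_login": Fby("t", Var("is_login"), either(Var("seen_login"), Next("t", Var("is_login")))),
        # claim: the delete observed at t on this host was preceded by a login on the same host
        "claim": both(Var("seen_login"), eq(Var("event"), "delete")),
        # credibility of the claim: weakest source among events 0..t (assumed rule)
        "claim_cred": Fby("t", Var("cred"), Op(min, (Var("claim_cred"), Next("t", Var("cred"))))),
    }

def evaluate_claim(evidence, host, t) -> tuple[bool, float]:
    ed = Eductor(build_definitions(evidence))
    ctx = {"host": host, "t": t}
    return ed.eval(Var("claim"), ctx), ed.eval(Var("claim_cred"), ctx)

if __name__ == "__main__":
    print(evaluate_claim(EVIDENCE, "web01", 2), evaluate_claim(EVIDENCE, "db01", 1))
```

Demanding "claim" at host web01, t = 2 walks back along t through seen_login until it reaches the login at t = 0, so the claim holds with credibility 0.5 (the weakest of the three sources involved); on db01 no login precedes the delete, so the claim is refuted. A second demand at the same context is served entirely from the warehouse, which the test checks through the computed counter.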