80,863 research outputs found
A framework for cost-sensitive automated selection of intrusion response
In recent years, cost-sensitive intrusion response has gained
significant interest due to its emphasis on the balance between
potential damage incurred by the intrusion and cost of the response.
However, one of the challenges in applying this approach is defining a
consistent and adaptable measurement framework to evaluate the expected
benefit of a response. In this thesis we present a model and framework
for the cost-sensitive assessment and selection of intrusion response.
Specifically, we introduce a set of measurements that characterize the
potential costs associated with the intrusion handling process, and
propose an intrusion response evaluation method with respect to the risk
of potential intrusion damage, the effectiveness of the response action
and the response cost for a system. The proposed framework has the
important quality of abstracting the system security policy from the
response selection mechanism, permitting policy adjustments to be made
without changes to the model. We provide an implementation of the
proposed solution as an IDS-independent plugin tool, and demonstrate its
advantages over traditional static response systems and an existing
dynamic response system
Multivariate Statistical Network Monitoring-Sensor: An effective tool for real-time monitoring and anomaly detection in complex networks and systems
Technology evolves quickly. Low-cost and ready-to-connect devices are designed to provide new services and applications. Smart grids or smart health care systems are some examples of these applications. In this totally connected scenario, some security issues arise due to the large number of devices and communications. In this way, new solutions for monitoring and detecting security events are needed to address new challenges brought about by this scenario, among others, the real-time requirement allowing quick security event detection and, consequently, quick response to attacks. In this sense, Intrusion Detection Systems are widely used though their evaluation often relies on the use of predefined network datasets that limit their application in real environments. In this work, a real-time and ready-to-use tool for monitoring and detecting security events is introduced. The Multivariate Statistical Network Monitoring-Sensor is based on the Multivariate Statistical Network Monitoring methodology and provides an alternative way for evaluating Multivariate Statistical Network Monitoring-based Intrusion Detection System solutions. Experimental results based on the detection of well-known attacks in hierarchical network systems prove the suitability of this tool for complex scenarios, such as those found in smart cities or Internet of Things ecosystem
Engineering Crowdsourced Stream Processing Systems
A crowdsourced stream processing system (CSP) is a system that incorporates
crowdsourced tasks in the processing of a data stream. This can be seen as
enabling crowdsourcing work to be applied on a sample of large-scale data at
high speed, or equivalently, enabling stream processing to employ human
intelligence. It also leads to a substantial expansion of the capabilities of
data processing systems. Engineering a CSP system requires the combination of
human and machine computation elements. From a general systems theory
perspective, this means taking into account inherited as well as emerging
properties from both these elements. In this paper, we position CSP systems
within a broader taxonomy, outline a series of design principles and evaluation
metrics, present an extensible framework for their design, and describe several
design patterns. We showcase the capabilities of CSP systems by performing a
case study that applies our proposed framework to the design and analysis of a
real system (AIDR) that classifies social media messages during time-critical
crisis events. Results show that compared to a pure stream processing system,
AIDR can achieve a higher data classification accuracy, while compared to a
pure crowdsourcing solution, the system makes better use of human workers by
requiring much less manual work effort
Intrusion-aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks
Existing anomaly and intrusion detection schemes of wireless sensor networks
have mainly focused on the detection of intrusions. Once the intrusion is
detected, an alerts or claims will be generated. However, any unidentified
malicious nodes in the network could send faulty anomaly and intrusion claims
about the legitimate nodes to the other nodes. Verifying the validity of such
claims is a critical and challenging issue that is not considered in the
existing cooperative-based distributed anomaly and intrusion detection schemes
of wireless sensor networks. In this paper, we propose a validation algorithm
that addresses this problem. This algorithm utilizes the concept of
intrusion-aware reliability that helps to provide adequate reliability at a
modest communication cost. In this paper, we also provide a security resiliency
analysis of the proposed intrusion-aware alert validation algorithm.Comment: 19 pages, 7 figure
- …