14 research outputs found

    Network Defence Using Attacker-Defender Interaction Modelling

    Network security is still lacking an efficient system which selects a response action based on observed security events and which is capable of running autonomously. The main reason for this is the lack of an effective defence strategy. In this Ph.D., we endeavour to create such a defence strategy. We propose to model the interaction between an attacker and a defender to comprehend how the attacker’s goals affect his actions and use the model as a basis for a more refined network defence strategy. We formulate the research questions that need to be answered and we discuss how the answers to these questions relate to the proposed solution. This research is at the initial phase and will contribute to a Ph.D. thesis in four years.

    Multilevel Label Placement for Execution Trace Events


    How well can I secure my system?

    Securing a system, be it a computer network, a physical infrastructure or an organization, is a very challenging task. In practice, it is always constrained by available resources, e.g., budget, time, or man-power. An attack–defense tree is a security model allowing to reason about different strategies that an attacker may use to attack a system and potential countermeasures that a defender could apply to defend against such attacks. This work integrates the modeling power of attack–defense trees with the strengths of integer linear programming techniques. We develop a framework that, given the overall budget allocated for the system’s protection, suggests which countermeasures should be implemented to secure the system in the best way possible. We lay down formal foundations for our framework and implement a proof of concept tool automating the solving of relevant optimization problems.

    Estimating the risk of fraud against e-services

    Industry is continuously developing, deploying, and maintaining e-services to transform traditional offerings. While protection of traditional services is well understood, their digital transformation often is vulnerable to known and new attacks. These vulnerabilities open the door for fraudsters to exploit the weaknesses of the new systems and associated services, causing losses of billions of dollars for the global economy. This development is caused by the ease of developing new offerings, and the difficulty of performing thorough risk assessment during their design and development. Traditional risk assessment methodologies need to be enhanced to include threat scenarios faced by e-services, and to enable them to match the short development timeframes and to inform the decision-making process. In this paper we present a fraud risk estimation approach that addresses these requirements. Based on a list of threat scenarios, our approach calculates the potential risk using pre-computed risk factors, and visualises the analysis result for informed decision making. In doing so, our approach increases visibility and awareness of fraud risks, and reduces the time spent to calculate potential risks at the design level and throughout development. Together, these properties make our fraud risk estimation approach ideally suited for constantly applied, iterative risk analysis.

    PIRIDS: A Model on Intrusion Response System Based on Biologically Inspired Response Mechanism in Plants

    Intrusion Detection Systems (IDS) are one of the primary components in keeping a network secure. They are classified into different forms based on the nature of their functionality, such as Host based IDS, Network based IDS and Anomaly based IDS. However, a literature survey portrays different evasion techniques of IDS. Thus it is always important to study the responsive behavior of IDS after such failures. The state of the art shows that much work has been done on IDS, in contrast to little on Intrusion Response Systems (IRS). In this paper we propose a model of IRS based on the inspiration derived from the functioning of defense and response mechanisms in plants such as Systemic Acquired Resistance (SAR). The proposed model is the first attempt of its kind with the objective to develop an efficient response mechanism in a network subsequent to the failure of IDS, adopting plants as a source of inspiration.