On the Fly Design and Co-simulation of Responses Against Simultaneous Attacks



1 Télécom Bretagne, rue de la Chataigneraie, 35510 Cesson-Sévigné, France {layal.elsamarji,nora.cuppens,frederic.cuppens}@telecom-bretagne.eu
2 Alcatel-Lucent Bell Labs, Villarceaux, route de Villejust, 91620 Nozay, France {serge.papillon,wael.kanoun,samuel.dubus}@alcatel-lucent.com

Abstract. The growth of critical information systems in size and complexity has driven the research community to propose automated response systems. These systems must cope with the steady progress of the attacks’ sophistication, coordination and effectiveness. Unfortunately, existing response systems still handle attacks independently, suffering thereby from (i) efficiency issues against coordinated attacks (e.g. DDoS), (ii) conflicts between parallel responses, and (iii) unexpected side effects of responses on the system. We, thus, propose in this paper a new response model against simultaneous threats. Our response is dynamically designed based on a new definition of capability-aware logic anticorrelation, and modeled using the Situation Calculus (SC) language. Even though a response can prevent or reduce an attack scenario, it may also have side effects on the system and unintentionally ease one of the attackers to progress on its scenario. We address this issue by proposing a response co-simulator based on SC planning capabilities. This co-simulator considers each response candidate apart and reasons, from the current system’s and attackers’ state, to assess the achieved risk mitigation on the protected system. Experimentations were led to highlight the benefits of our solution.

Keywords: Response system · Simultaneous attacks · Situation calculus

1 Introduction

Modern attack tools are rapidly evolving to become more powerful and sophisticated. Networks and information systems are frequently targeted by simultaneous attacks, which cause deterioration in the system’s performance and induce great damage to physical assets. Simultaneous attacks are those performed by different attack entities. Each of them may be a single individual attacker or a Group of Coordinated Attackers (GCA), with a specific attack objective in the system. When the attack entity is a GCA, the system risks suffering from coordinated attacks [20]. Unfortunately, existing response system proposals [7–9,17,19] still handle attacks as independent actions, and each attack scenario is treated as if it were the only intrusion scenario in the system. Moreover, the majority of automated intrusion response systems rely on a predefined mapping of response actions to attacks. While this approach allows a system administrator to deal with intrusions faster, it lacks flexibility as “things do not always turn out the way we planned”. Besides, when responding to simultaneous attacks by activating parallel response measures, unexpected conflicts betwee

© Springer International Publishing Switzerland 2015. G. Pernul et al. (Eds.): ESORICS 2015, Part II, LNCS 9327, pp. 642–661, 2015. DOI: 10.1007/978-3-319-24177-7_32