Title | Dynamic Countermeasure Knowledge for Intrusion Response Systems |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Hughes, Kieran, McLaughlin, Kieran, Sezer, Sakir |
Conference Name | 2020 31st Irish Signals and Systems Conference (ISSC) |
Date Published | June
Keywords | Automated, Automated Response Actions, composability, countermeasure, dynamic, intrusion, IRS, Knowledgebase, pubcrawl, Resiliency, Response |
Abstract | Significant advancements in Intrusion Detection Systems have led to improved alerts. However, Intrusion Response Systems, which aim to automatically respond to these alerts, are a research area which is not yet advanced enough to benefit from full automation. In Security Operations Centres, analysts can implement countermeasures using knowledge and past experience to adapt to new attacks. Attempts at automated Intrusion Response Systems fall short when a new attack occurs to which the system has no specific knowledge or effective countermeasure to apply, even leading to overkill countermeasures such as restarting services and blocking ports or IPs. In this paper, a countermeasure standard is proposed which enables countermeasure intelligence sharing, automated countermeasure adoption and execution by an Intrusion Response System. An attack scenario is created on an emulated network using the Common Open Research Emulator, where an insider attack attempts to exploit a buffer overflow on an Exim mail server. Experiments demonstrate that an Intrusion Response System with dynamic countermeasure knowledge can stop attacks that would otherwise succeed with a static predefined countermeasure approach. |
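The static-versus-dynamic contrast the abstract describes, as an added illustrative example. This is not the paper's code and does not reproduce its proposed countermeasure standard: the record fields (`id`, `matches`, `action`, `scope`), the alert attributes, the scope ordering and the scenario data are all assumptions made here to show the mechanism. A static IRS with no entry for a new alert falls through to a coarse fallback (block the source IP); an IRS that can adopt a shared countermeasure record at runtime selects the targeted action instead, after validating the record.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed schema for shared countermeasure records. The paper's standard
# is not reproduced here; these field names are assumptions for illustration.
REQUIRED_FIELDS = {"id", "matches", "action", "scope"}
# Narrower scope ranks lower; the IRS prefers the least disruptive option.
SCOPE_RANK = {"connection": 0, "session": 1, "service": 2, "host": 3}


@dataclass(frozen=True)
class Alert:
    signature: str   # IDS signature name (assumed attribute)
    service: str     # service the alert concerns
    src_ip: str      # source of the offending traffic


@dataclass(frozen=True)
class Countermeasure:
    id: str
    matches: Dict[str, str]   # alert attributes that must all match
    action: str               # what the response executor should do
    scope: str                # one of SCOPE_RANK

    def applies_to(self, alert: Alert) -> bool:
        return all(getattr(alert, k, None) == v for k, v in self.matches.items())


# Coarse "overkill" response used when nothing specific is known.
FALLBACK = Countermeasure("fallback-block-ip", {}, "block src_ip at firewall", "host")


class IRS:
    """Selects a countermeasure for an alert. With dynamic=False the knowledge
    base is frozen, so alerts it has no entry for get the coarse fallback."""

    def __init__(self, knowledge: List[Countermeasure], dynamic: bool):
        self.knowledge = list(knowledge)
        self.dynamic = dynamic

    def ingest(self, record: dict) -> bool:
        """Adopt a shared countermeasure record; reject malformed or duplicate ones."""
        if not self.dynamic:
            return False
        if not REQUIRED_FIELDS <= set(record):
            return False
        if record["scope"] not in SCOPE_RANK:
            return False
        if not isinstance(record["matches"], dict) or not record["matches"]:
            return False   # a record that matches every alert is a fallback in disguise
        if any(cm.id == record["id"] for cm in self.knowledge):
            return False   # already known
        self.knowledge.append(Countermeasure(record["id"], dict(record["matches"]),
                                             record["action"], record["scope"]))
        return True

    def select(self, alert: Alert) -> Countermeasure:
        candidates = [cm for cm in self.knowledge if cm.applies_to(alert)]
        if not candidates:
            return FALLBACK
        # Most specific match (most attributes) first, then narrowest scope.
        return min(candidates, key=lambda cm: (-len(cm.matches), SCOPE_RANK[cm.scope]))


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: one known SSH countermeasure, then a new Exim alert
    arrives and a shared countermeasure record for it is offered to both IRSs."""
    known = [Countermeasure("ssh-ratelimit", {"signature": "ssh-bruteforce"},
                            "rate-limit src_ip on tcp/22", "session")]
    static_irs = IRS(known, dynamic=False)
    dynamic_irs = IRS(known, dynamic=True)

    shared = {"id": "exim-bof-drop", "matches": {"signature": "exim-bof"},
              "action": "drop the SMTP connection", "scope": "connection"}
    bad = {"id": "bad-record", "matches": {"service": "exim"},
           "action": "reboot host", "scope": "planet"}   # invalid scope, must be rejected

    alert = Alert(signature="exim-bof", service="exim", src_ip="10.0.0.5")
    return {
        "static": static_irs.select(alert).id,            # overkill fallback
        "dynamic_before": dynamic_irs.select(alert).id,   # same, until knowledge arrives
        "adopted": dynamic_irs.ingest(shared),
        "rejected_bad": dynamic_irs.ingest(bad),
        "static_adopts": static_irs.ingest(shared),       # static IRS cannot adopt
        "dynamic_after": dynamic_irs.select(alert).id,    # targeted countermeasure
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The selection rule (most matched attributes, then narrowest scope) is what keeps a freshly shared, connection-scoped countermeasure ahead of a service-wide restart for the same alert; the validation in `ingest` is the minimum a practitioner would want before letting shared intelligence drive automated execution.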
DOI | 10.1109/ISSC49989.2020.9180198 |
Citation Key | hughes_dynamic_2020 |