Internet of Things (IoT) applications are key targets for cyberattacks, which will cost $31bn by 2025. A considerable amount of research has been undertaken on detecting cyberattacks, mainly through Intrusion Detection Systems (IDS), which focus on detecting cyberattacks in real time. On the other hand, Intrusion Response Systems (IRS) deploy automated responses to mitigate detected attacks. IRSs use various techniques to select appropriate actions to detected attacks in order to mitigate against the effects of the attack. However, little attention has been paid to verifying the selected action before deployment. Deploying inappropriate actions can lead to unnecessary damage. Action verification ensures that actions and incidents are in agreement before deploying the actions for that specific incident. It also verifies that the selected actions are appropriate for the incident they’re linked with. In this paper, we propose a test-driven action verification method for action selection. Specifically, we characterize and explicitly model the impact of an attack and an action on the confidentiality, integrity and availability of a host. We then establish an action verification model to calculate action selection scores based on a carefully designed test. The approach is tested and evaluated in a real-world IoT scenario, and initial results demonstrate its effectiveness.
|Title of host publication||Proceedings - 2023 IEEE International Conference on Metaverse Computing, Networking and Applications, MetaCom 2023|
|Number of pages||5|
|Publication status||Published (in print/issue) - 6 Oct 2023|
|Name||Proceedings - 2023 IEEE International Conference on Metaverse Computing, Networking and Applications, MetaCom 2023|
Bibliographical notePublisher Copyright:
© 2023 IEEE.
- Action verification
- Internet of Things
- Intrusion Response System
- Knowledge-driven decision making
- Test-driven analysis