An Attack Impact and Host Importance based Approach to Intrusion Response Action Selection

Tazar Hussain, Chris Nugent, Jun Liu, Alfie Beard, Liming Chen, Adrian Moore

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Downloads (Pure)

Abstract

Selecting appropriate actions is crucial for building effective Intrusion Response Systems (IRS) that can counter intrusions according to their priority level. Currently, the priority level of intrusions is determined manually, in a static manner, which is time consuming, ineffective and cannot scale with the growing number of attacks. In this paper we present an effective event prioritization methodology by encoding domain knowledge, namely attack impact and host importance, into features in terms of the confidentiality, integrity and availability (CIA). The proposed approach is demonstrated using a testbed architecture where a total of six features are generated from the domain knowledge and are labeled with appropriate response options. One set of features encodes attack impact in terms of its potential damage and its ability to propagate and another set of features encodes host importance in terms of data sensitivity, service criticality, number of connections and vulnerabilities on the basis of the CIA factors. The case study results indicate that the generated features help security analysts to select appropriate response options according to the priority level of events. Additionally, as a result of the methodology a labelled Intrusion Response (IR) dataset is generated. In future work we aim to use machine learning to analyze this dataset to infer actions automatically.
Original languageEnglish
Title of host publicationITCC '22: Proceedings of the 4th International Conference on Information Technology and Computer Communications
PublisherAssociation for Computing Machinery
Pages84-91
Number of pages8
ISBN (Electronic)9781450396820
ISBN (Print)978-1-4503-9682-0
DOIs
Publication statusPublished (in print/issue) - 23 Aug 2022
EventITCC 2022: 2022 4th International Conference on Information Technology and Computer Communications
- Guangzhou , China
Duration: 23 Jun 202225 Jun 2022
https://dl.acm.org/conference/itcc

Publication series

NameACM International Conference Proceeding Series

Conference

ConferenceITCC 2022: 2022 4th International Conference on Information Technology and Computer Communications
Abbreviated titleITCC
Country/TerritoryChina
CityGuangzhou
Period23/06/2225/06/22
Internet address

Bibliographical note

Funding Information:
This research work is supported by BTIIC (BT Ireland Innovation Centre), funded by BT and Invest Northern Ireland.

Publisher Copyright:
© 2022 Owner/Author.

Keywords

  • attack impact
  • CIA
  • event prioritization
  • host importance
  • Intrusion response Systems (IRS)

Fingerprint

Dive into the research topics of 'An Attack Impact and Host Importance based Approach to Intrusion Response Action Selection'. Together they form a unique fingerprint.

Cite this