Selecting appropriate actions is crucial for building effective Intrusion Response Systems (IRS) that can counter intrusions according to their priority level. Currently, the priority level of intrusions is determined manually and statically, which is time-consuming, ineffective and cannot scale with the growing number of attacks. In this paper we present an effective event prioritization methodology that encodes domain knowledge, namely attack impact and host importance, into features expressed in terms of confidentiality, integrity and availability (CIA). The proposed approach is demonstrated using a testbed architecture in which a total of six features are generated from the domain knowledge and labelled with appropriate response options. One set of features encodes attack impact in terms of its potential damage and its ability to propagate; the other set encodes host importance in terms of data sensitivity, service criticality, number of connections and vulnerabilities, each on the basis of the CIA factors. The case study results indicate that the generated features help security analysts select appropriate response options according to the priority level of events. Additionally, the methodology produces a labelled Intrusion Response (IR) dataset. In future work we aim to use machine learning to analyze this dataset to infer actions automatically.
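The following is an added illustration of the feature-encoding idea in the abstract, not code from the paper or its testbed: the six feature names follow the abstract, but the CIA weighting, the scoring rule, the count thresholds and the response labels are assumptions made here so that one event can be turned into a labelled IR dataset row.

```python
from dataclasses import dataclass

CIA = ("confidentiality", "integrity", "availability")

@dataclass(frozen=True)
class Event:
    """One intrusion event described by the six domain-knowledge features."""
    damage: dict               # attack impact: potential damage per CIA factor, 0..1
    propagation: float         # attack impact: ability to propagate, 0..1
    data_sensitivity: dict     # host importance: per CIA factor, 0..1
    service_criticality: dict  # host importance: per CIA factor, 0..1
    connections: int           # host importance: number of connections
    vulnerabilities: int       # host importance: number of known vulnerabilities

def normalize_count(n: int, cap: int) -> float:
    """Map a raw count onto 0..1, saturating at cap (assumed thresholds)."""
    return min(n, cap) / cap

def priority_score(e: Event) -> float:
    """Assumed scoring rule: align attack damage with host value per CIA factor,
    then amplify by propagation ability and by the host's exposure (range 0..4)."""
    aligned = sum(e.damage[f] * max(e.data_sensitivity[f], e.service_criticality[f])
                  for f in CIA) / len(CIA)
    spread = 1.0 + e.propagation
    exposure = 1.0 + 0.5 * (normalize_count(e.connections, 100)
                            + normalize_count(e.vulnerabilities, 20))
    return aligned * spread * exposure

# Assumed response options with the minimum score that selects each of them.
RESPONSES = ((3.0, "isolate host and block source"), (1.5, "isolate host"),
             (0.5, "alert analyst"), (0.0, "log only"))

def label_event(e: Event) -> dict:
    """One labelled IR dataset row: priority score plus the selected response."""
    score = priority_score(e)
    response = next(name for threshold, name in RESPONSES if score >= threshold)
    return {"score": round(score, 3), "response": response}

def cia(c: float, i: float, a: float) -> dict:
    """Build a per-CIA-factor feature from three 0..1 values."""
    return dict(zip(CIA, (c, i, a)))

# Constructed sample events: a worm-like attack on a critical database host and a
# low-impact probe against a lightly used workstation.
SAMPLE_EVENTS = {
    "worm_on_db": Event(cia(0.3, 0.9, 0.9), 0.8, cia(0.9, 0.9, 0.5), cia(0.5, 0.8, 0.9), 200, 5),
    "probe_on_ws": Event(cia(0.2, 0.0, 0.1), 0.1, cia(0.2, 0.2, 0.2), cia(0.1, 0.1, 0.2), 3, 0),
}
```

Calling `label_event(SAMPLE_EVENTS["worm_on_db"])` yields a score of about 1.84 and the "isolate host" label, while the workstation probe scores about 0.02 and is only logged.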
| Field | Value |
|---|---|
| Title of host publication | ITCC '22: Proceedings of the 4th International Conference on Information Technology and Computer Communications |
| Publisher | Association for Computing Machinery |
| Number of pages | 8 |
| Publication status | Published (in print/issue) - 23 Aug 2022 |
| Event | ITCC 2022: 2022 4th International Conference on Information Technology and Computer Communications, Guangzhou, China |
| Duration | 23 Jun 2022 → 25 Jun 2022 |
| Series name | ACM International Conference Proceeding Series |
| Conference | ITCC 2022: 2022 4th International Conference on Information Technology and Computer Communications |
| Period | 23/06/22 → 25/06/22 |
Bibliographical note (funding information): This research work is supported by BTIIC (BT Ireland Innovation Centre), funded by BT and Invest Northern Ireland.
© 2022 Owner/Author.
- attack impact
- event prioritization
- host importance
- Intrusion Response Systems (IRS)