The Center for Education and Research in Information Assurance and Security (CERIAS)

The Search for Optimality in Online Intrusion Response for a Distributed E-Commerce System

Author

Yu-Sung Wu, Gaspar Modelo-Howard, Matthew Glause, Bingrui Foo, Saurabh Bagchi, Eugene Spafford

Tech report number

CERIAS TR 2007-94

Entry type

unpublished

Abstract

Providing automated responses to security incidents in a distributed computing environment has been an important area of research. This is due to the inherent complexity of such systems that makes it difficult to eliminate all vulnerabilities before deployment and costly to rely on humans for responding to incidents in real time. Here we formalize the process of providing automated responses in a distributed system and the criterion for asserting global optimality of the responses. We show that reaching the globally optimal solution is an NP-complete problem. Therefore we design a genetic algorithm framework for searching for good solutions. In the search for optimality, we exploit the similarities among attacks, and use the knowledge learnt from previous attacks to guide future search. The mechanism is demonstrated on a distributed e-commerce system called Pet Store with injection of real attacks and is shown to improve the survivability of the system over the previously reported ADEPTS system.

Institution

Electrical & Computer Engineering

Key alpha

automated intrusion response, intrusion containment, optimal response, distributed e-commerce system, survivability

Organization

CERIAS

School

Engineering

Affiliation

Purdue University

Publication Date

2001-01-01
