The Search for Optimality in Online Intrusion Response for a Distributed E-Commerce System
Author
Yu-Sung Wu, Gaspar Modelo-Howard, Matthew Glause, Bingrui Foo, Saurabh Bagchi, Eugene Spafford
Tech report number
CERIAS TR 2007-94
Abstract
Providing automated responses to security incidents in a distributed computing environment has been an important area of research. This is due to the inherent complexity of such systems, which makes it difficult to eliminate all vulnerabilities before deployment and costly to rely on humans to respond to incidents in real time.
Here we formalize the process of providing automated responses in a distributed system and the criterion for asserting global optimality of the responses. We show that reaching the globally optimal solution is an NP-complete problem. Therefore, we design a genetic algorithm framework for searching for good solutions. In the search for optimality, we exploit the similarities among attacks and use the knowledge learnt from previous attacks to guide future searches. The mechanism is demonstrated on a distributed e-commerce system called Pet Store with injection of real attacks and is shown to improve the survivability of the system over the previously reported ADEPTS system.
Institution
Electrical & Computer Engineering
Key alpha
automated intrusion response, intrusion containment, optimal response, distributed e-commerce system, survivability
Affiliation
Purdue University
Publication Date
2001-01-01