Network security degrades as the network grows in size. Many intrusion detection and intrusion response strategies, such as local and global ones, are used to find and stop intruders in the network. Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the response and recovery engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. The RRE applies attack-response trees (ART) to analyze undesired system-level security events within host computers and their countermeasures, using Boolean logic to combine lower-level attack consequences. In addition, the RRE accounts for uncertainties in intrusion detection alert notifications. The RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. To support network-level multiobjective response selection and consider possibly conflicting network security properties, we employ fuzzy logic theory to calculate the network-level security metric values, i.e., security levels of the system's current and potentially future states in each stage of the game. In particular, inputs to the network-level game-theoretic response selection engine are first fed into the fuzzy system that is in charge of a nonlinear inference and quantitative ranking of the possible actions using its previously defined fuzzy rule set. Consequently, the optimal network-level response actions are chosen through a game-theoretic optimization process. Experimental results show that the RRE, using Snort's alerts, can protect large networks for which attack-response trees have more than 500 nodes.
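A simplified sketch of the attack-response tree evaluation described in the abstract, added here as an illustration and not the authors' code. The tree, alert confidences, response names and costs are constructed; leaves are assumed independent, and a one-step greedy choice stands in for the Stackelberg/POMDP solution the paper uses.

```python
from math import prod

# Constructed attack-response tree (not from the paper): the root event
# "host data compromised" needs BOTH a foothold AND privilege gain.
TREE = ("AND", [
    ("OR", ["sql_injection", "stolen_credentials"]),  # foothold
    ("OR", ["kernel_exploit", "sudo_misconfig"]),     # privilege gain
])

# Constructed IDS alert confidences: probability that each leaf
# consequence really occurred, given the alerts seen so far.
ALERTS = {"sql_injection": 0.7, "stolen_credentials": 0.2,
          "kernel_exploit": 0.1, "sudo_misconfig": 0.6}

# Hypothetical responses: the leaves each one resets to "not occurred"
# and a normalised disruption cost in [0, 1].
RESPONSES = {
    "no_op":           (set(), 0.0),
    "restart_web_app": ({"sql_injection"}, 0.10),
    "reset_passwords": ({"stolen_credentials"}, 0.05),
    "reimage_host":    ({"kernel_exploit", "sudo_misconfig"}, 0.50),
    "fix_sudoers":     ({"sudo_misconfig"}, 0.05),
}

def root_probability(node, belief):
    """Probability of the event at `node`, assuming independent leaves."""
    if isinstance(node, str):
        return belief.get(node, 0.0)
    gate, children = node
    probs = [root_probability(child, belief) for child in children]
    if gate == "AND":
        return prod(probs)
    if gate == "OR":
        return 1.0 - prod(1.0 - p for p in probs)
    raise ValueError(f"unknown gate {gate!r}")

def apply_response(belief, name):
    """Belief state after a response clears the leaves it covers."""
    cleared, _cost = RESPONSES[name]
    return {leaf: 0.0 if leaf in cleared else p for leaf, p in belief.items()}

def best_response(tree, belief, cost_weight=1.0):
    """Greedy one-step choice: minimise residual risk plus weighted cost."""
    def score(name):
        after = apply_response(belief, name)
        return root_probability(tree, after) + cost_weight * RESPONSES[name][1]
    return min(RESPONSES, key=score)
```

With the constructed inputs, the cheap fix on the privilege-gain branch beats the costly reimage; setting `cost_weight=0` ignores disruption and selects the response that drives the root probability to zero.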
Ganesh Ghodke, Vaibhav Sarode, Sagar Valmiki, Prof. Patil S. S., Prof. Kothawale G. S.
Stackelberg game, ART trees, RRE engine, Markov decision making, fuzzy rule set, intrusion response systems, network state estimation.
Published in: Volume 2, Issue 1, January-February 2016
Cite This Article
Ganesh Ghodke, Vaibhav Sarode, Sagar Valmiki, Prof. Patil S. S., Prof. Kothawale G. S., "A Review - Anomaly Based Network Security Using Response Recovery Engine", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN: 2395-1990, Online ISSN: 2394-4099, Volume 2, Issue 1, pp. 601-608, January-February 2016.
URL : http://ijsrset.com/IJSRSET1621150.php