Manuscript Number : IJSRSET1622401
Anomaly Based Network Security Using Response and Recovery Engine
Authors (5): Ganesh Ghodke, Vaibhav Sarode, Sagar Valmiki, Prof. Patil S. S., Prof. Kothawale G. S.
Network security degrades as the size of the network increases. Many intrusion detection and intrusion response strategies, both local and global, are used to find and stop intruders in the network. Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the response and recovery engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. The RRE applies attack-response trees (ART) to analyze undesired system-level security events within host computers and their countermeasures, using Boolean logic to combine lower-level attack consequences. In addition, the RRE accounts for uncertainties in intrusion detection alert notifications. The RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. To support network-level multiobjective response selection and consider possibly conflicting network security properties, we employ fuzzy logic theory to calculate the network-level security metric values, i.e., security levels of the system's current and potentially future states in each stage of the game. In particular, inputs to the network-level game-theoretic response selection engine are first fed into the fuzzy system, which is in charge of nonlinear inference and quantitative ranking of the possible actions using its previously defined fuzzy rule set. Consequently, the optimal network-level response actions are chosen through a game-theoretic optimization process. Experimental results show that the RRE, using Snort's alerts, can protect large networks for which attack-response trees have more than 500 nodes.
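An added illustration (not code from the paper or from the RRE) of two ideas the abstract names: Boolean AND/OR combination of lower-level attack consequences in an attack-response tree, and uncertainty in IDS alerts. The Bayes update on each alert, the independence of sibling nodes, the rule that a taken response clears its subtree, the one-step ranking (a stand-in for the game-theoretic solver, which is not reproduced here), and every node name and rate are assumptions constructed for this example.

```python
from dataclasses import dataclass
from math import prod

@dataclass
class Leaf:
    name: str
    alert: bool          # whether the IDS alert for this consequence fired
    tpr: float           # P(alert | consequence occurred)
    fpr: float           # P(alert | consequence did not occur)
    prior: float = 0.1   # constructed prior belief that it occurred
    def prob(self, taken=frozenset()):
        # Bayes' rule: posterior belief that the consequence really occurred.
        hit = self.tpr if self.alert else 1 - self.tpr
        miss = self.fpr if self.alert else 1 - self.fpr
        return hit * self.prior / (hit * self.prior + miss * (1 - self.prior))

@dataclass
class Gate:
    name: str
    op: str              # "AND" or "OR"
    children: list
    response: str = None # hypothetical countermeasure attached to this node
    def prob(self, taken=frozenset()):
        if self.response in taken:
            return 0.0   # assumed: a taken response clears this subtree
        ps = [c.prob(taken) for c in self.children]
        if self.op == "AND":
            return prod(ps)
        return 1 - prod(1 - p for p in ps)  # OR, children assumed independent

def rank_responses(root):
    """One-step ranking: top-event probability after each single response."""
    names, stack = set(), [root]
    while stack:
        n = stack.pop()
        if isinstance(n, Gate):
            if n.response: names.add(n.response)
            stack.extend(n.children)
    return sorted((root.prob(frozenset([r])), r) for r in names)

# Constructed sample tree and alert data (not taken from the paper).
web = Gate("web server compromised", "AND", [
    Leaf("sql injection", True, 0.9, 0.05),
    Leaf("shell spawned", True, 0.8, 0.10)], response="restart_web")
db = Gate("db credentials leaked", "OR", [
    web, Leaf("brute-force login", False, 0.7, 0.02)], response="rotate_creds")
TOP = Gate("customer data unavailable or altered", "OR", [
    db, Leaf("disk wiped", False, 0.95, 0.01)])
```

`TOP.prob()` gives the belief that the top security event has occurred given the current alerts; `rank_responses(TOP)` lists each single response with the belief that would remain after taking it, lowest first.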
Technical Keywords: Stackelberg game, ART trees, RRE engine, Markov decision making, fuzzy rule set, intrusion response systems, network state estimation
Publication Details
Published in : Volume 2 | Issue 3 | May-June 2016
Ganesh Ghodke
Al-Ameen College of Engineering, Koregaon Bhima, Savitribai Phule Pune University, Pune, India
Vaibhav Sarode
Al-Ameen College of Engineering, Koregaon Bhima, Savitribai Phule Pune University, Pune, India
Sagar Valmiki
Al-Ameen College of Engineering, Koregaon Bhima, Savitribai Phule Pune University, Pune, India
Prof. Patil S. S.
Al-Ameen College of Engineering, Koregaon Bhima, Savitribai Phule Pune University, Pune, India
Prof. Kothawale G. S.
Al-Ameen College of Engineering, Koregaon Bhima, Savitribai Phule Pune University, Pune, India
Date of Publication : 2016-06-30
License: This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 188-195
Publisher : Technoscience Academy
Journal URL : https://ijsrset.com/IJSRSET1622401