A response toolkit to provide an active response against intrusions using Ontology-Based IRS

Authors

  • Danny S. Guamán, Escuela Politécnica Nacional
  • Julio C. Caiza, Escuela Politécnica Nacional
  • Verónica Mateos, Universidad Técnica de Madrid

Abstract

Active response systems are intended to execute an automatic response against an intrusion. However, executing an automatic response is not a trivial task, because the cost of the response could cause a greater negative effect than the intrusion itself. The system should also have a broad set of responses and an algorithm to select the optimal one. This paper proposes a response toolkit that is integrated into an ontology-based IRS to allow automatic execution of the best response against a detected intrusion. A set of host-based and network-based responses that can be performed by an IRS is presented. The responses are executed by several plugin-based agents distributed over the network. The proposal is verified on a defacement attack case, with satisfactory results.
Keywords: Network security, intrusion response, active response.

ABSTRACT (Spanish version)
Active response systems aim to execute a response against an intrusion automatically. However, executing a response automatically is not a trivial task, since the cost of executing a response could be greater than the effect caused by the intrusion itself. Also, the system must have a broad set of response actions and an algorithm that selects the optimal response. This paper proposes a response toolkit that will be integrated into an ontology-based IRS to allow the automatic execution of the best response when an intrusion is detected. A set of host-based and network-based responses that can be executed by the IRS is presented; this execution is carried out by plugin-based agents that have been distributed across the network. Finally, the proposed system is verified using a defacement attack as the use case, obtaining satisfactory results.
Keywords: Network security, intrusion response, active response.



Published

2016-04-25

How to cite

Guamán, D. S., Caiza, J. C., & Mateos, V. (2016). A response toolkit to provide an active response against intrusions using Ontology-Based IRS. Maskana, 5(Ed. Esp.). Retrieved from https://publicaciones.ucuenca.edu.ec/ojs/index.php/maskana/article/view/733