Sciweavers

Share
DSN
2009
IEEE

RRE: A game-theoretic intrusion Response and Recovery Engine

8 years 8 months ago
RRE: A game-theoretic intrusion Response and Recovery Engine
Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the Response and Recovery Engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. RRE applies attack-response trees to analyze undesired security events and their countermeasures using Boolean logic to combine lower-level attack consequences. In addition, RRE accounts for uncertainties in intrusion detection alert notifications. RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. Experimental results show that RRE, using Snort's alerts, can protect large networks for which attack-response trees...
Saman A. Zonouz, Himanshu Khurana, William H. Sand
Added 17 Feb 2011
Updated 17 Feb 2011
Type Journal
Year 2009
Where DSN
Authors Saman A. Zonouz, Himanshu Khurana, William H. Sanders, Timothy M. Yardley
Comments (0)
books