Sciweavers

DSN
2009
IEEE

RRE: A game-theoretic intrusion Response and Recovery Engine

Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the Response and Recovery Engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. RRE applies attack-response trees to analyze undesired security events and their countermeasures using Boolean logic to combine lower-level attack consequences. In addition, RRE accounts for uncertainties in intrusion detection alert notifications. RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. Experimental results show that RRE, using Snort's alerts, can protect large networks for which attack-response trees...
Saman A. Zonouz, Himanshu Khurana, William H. Sand
Added 17 Feb 2011
Updated 17 Feb 2011
Type Journal
Year 2009
Where DSN
Authors Saman A. Zonouz, Himanshu Khurana, William H. Sanders, Timothy M. Yardley