A quantitative methodology for security monitor deployment

Uttam Thakore, Gabriel A. Weaver, William H. Sanders

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Intrusion detection and forensic analysis techniques depend upon monitors to collect information about possible attacks. Since monitoring can be expensive, however, monitors must be selectively deployed to maximize their overall utility. This paper introduces a methodology both to evaluate monitor deployments quantitatively in terms of security goals and to deploy monitors optimally based on cost constraints. First, we define a model that describes the system assets, deployable monitors, and the relationship between generated data and intrusions. Then, we define a set of metrics that quantify the utility and richness of monitor data with respect to intrusion detection and the cost associated with deployment. Finally, we formulate a method using our model and metrics to determine the cost-optimal, maximum-utility placement of monitors. We present an enterprise Web service use case and illustrate how our metrics can be used to determine optimal monitor deployments for a set of common attacks on Web servers. Our approach is scalable: it computes optimal monitor deployments for systems with hundreds of monitors and attacks within minutes.
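As an added illustration of the deployment problem the abstract describes (not the paper's own model, metrics or solver), the following Python builds a small monitor/attack model and exhaustively finds the cost-optimal, maximum-utility deployment under a budget. The monitor names, costs, data types, attack weights and the utility definition (an attack counts as detectable once every data type it needs is collected) are all assumptions, and the exhaustive search is for clarity only; it does not scale to the hundreds of monitors the paper handles.

```python
from itertools import combinations

# Constructed sample model (assumption, not the paper's): each monitor emits a
# set of data types at a fixed deployment cost.
MONITORS = {
    "web_access_log": {"cost": 1, "data": {"http_request"}},
    "waf":            {"cost": 3, "data": {"http_request", "http_body"}},
    "host_ids":       {"cost": 4, "data": {"process_exec", "file_change"}},
    "db_audit_log":   {"cost": 2, "data": {"sql_query"}},
    "netflow":        {"cost": 2, "data": {"connection"}},
}

# Constructed attacks on a Web service: each is weighted by how much we care
# about detecting it and lists the data types an analyst needs to detect it.
ATTACKS = {
    "sql_injection":   {"weight": 3, "needs": {"http_request", "sql_query"}},
    "webshell_upload": {"weight": 4, "needs": {"http_body", "file_change"}},
    "brute_force":     {"weight": 1, "needs": {"http_request"}},
    "data_exfil":      {"weight": 3, "needs": {"sql_query", "connection"}},
}

def collected_data(deployment, monitors=MONITORS):
    """Union of data types produced by the deployed monitors."""
    data = set()
    for name in deployment:
        data |= monitors[name]["data"]
    return data

def utility(deployment, monitors=MONITORS, attacks=ATTACKS):
    """Assumed utility: total weight of attacks whose required data is collected."""
    data = collected_data(deployment, monitors)
    return sum(a["weight"] for a in attacks.values() if a["needs"] <= data)

def cost(deployment, monitors=MONITORS):
    return sum(monitors[name]["cost"] for name in deployment)

def optimal_deployment(budget, monitors=MONITORS, attacks=ATTACKS):
    """Exhaustive search over all monitor subsets within budget.
    Returns (deployment, utility, cost); ties on utility go to the cheaper set."""
    names = sorted(monitors)
    best = (0, 0, frozenset())          # (utility, -cost, deployment)
    for k in range(len(names) + 1):
        for combo in combinations(names, k):
            c = cost(combo, monitors)
            if c > budget:
                continue
            u = utility(combo, monitors, attacks)
            if (u, -c) > (best[0], best[1]):
                best = (u, -c, frozenset(combo))
    return best[2], best[0], -best[1]
```

With a budget of 6 the cheap log-based monitors win; a budget of 10 makes the host IDS plus WAF combination worth its cost because it unlocks the highest-weight attack.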

Original language: English (US)
Title of host publication: Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-12
Number of pages: 12
ISBN (Electronic): 9781467388917
DOIs: https://doi.org/10.1109/DSN.2016.10
State: Published - Sep 29 2016
Event: 46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 - Toulouse, France
Duration: Jun 28 2016 - Jul 1 2016

Publication series

Name: Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016

Other

Other: 46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016
Country: France
City: Toulouse
Period: 6/28/16 - 7/1/16

Keywords

  • Computer security
  • Modeling
  • Monitor deployment
  • Monitoring
  • Resiliency
  • Security metrics

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Cite this

Thakore, U., Weaver, G. A., & Sanders, W. H. (2016). A quantitative methodology for security monitor deployment. In Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 (pp. 1-12). [7579725] (Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/DSN.2016.10