Cost-aware systemwide intrusion defense via online forensics and on-demand detector deployment

Saman A. Zonouz, Kaustubh R. Joshi, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Balancing the coverage benefits of deploying multiple types of intrusion detection systems against their performance and false alarm costs is an important problem with practical ramifications for runtime security policy. In this position paper, we present an approach to "on-demand" deployment of intrusion detection systems by balancing detection coverage against cost and deploying an IDS only when it is needed. The proposed approach relies on often easy to detect symptoms of attacks, e.g., participation in a botnet or DDoS, and works backwards by iteratively deploying increasingly more localized and powerful detectors closer to the initial attack vector. We accomplish this by characterizing multiple IDS systems in a uniform framework based on their costs and detection capabilities and integrating them, for the first time, into an online system-wide forensics framework. We develop the basic elements of the framework and give an example of its envisioned operation.

Original languageEnglish (US)
Title of host publicationProceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10
Pages71-74
Number of pages4
DOIs
StatePublished - 2010
Event3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10 - Chicago, IL, United States
Duration: Oct 4 2010Oct 8 2010

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10
Country/TerritoryUnited States
CityChicago, IL
Period10/4/1010/8/10

Keywords

  • intrusion detection and forensics systems

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Cost-aware systemwide intrusion defense via online forensics and on-demand detector deployment'. Together they form a unique fingerprint.

Cite this