TY - GEN
T1 - Scalable network intrusion detection and countermeasure selection in virtual network systems
AU - Hong, Jin B.
AU - Chung, Chun Jen
AU - Huang, Dijiang
AU - Kim, Dong Seong
N1 - Funding Information:
This research was sponsored by NSF grant #1528099, and also supported by the NATO Science for Peace & Security Multi-Year Project (MD.SFPP 984425).
Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - Security of virtual network systems, such as Cloud computing systems, is important to users and administrators. One of the major issues with Cloud security is detecting intrusions to provide time-efficient and cost-effective countermeasures. Cyber-attacks involve a series of vulnerability exploitations in virtual machines, which could potentially cause a loss of credentials and disrupt services (e.g., privilege escalation attacks). Intrusion detection and countermeasure selection mechanisms have been proposed to address these issues, but existing solutions with traditional security models (e.g., Attack Graphs (AG)) do not scale well with a large number of hosts in Cloud systems. Consequently, the model cannot provide a security solution in practical time. To address this problem, we incorporate a scalable security model named Hierarchical Attack Representation Model (HARM) in place of the AG to improve the scalability. By doing so, we can provide a security solution within a reasonable timeframe to mitigate cyber attacks. Further, we show the equivalent security analysis using the HARM and the AG, and demonstrate how to transform the existing AG to the HARM.
KW - Attack graphs
KW - Countermeasure selection
KW - Intrusion detection
KW - Network security
KW - Scalability
UR - http://www.scopus.com/inward/record.url?scp=84951994747&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84951994747&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-27161-3_53
DO - 10.1007/978-3-319-27161-3_53
M3 - Conference contribution
AN - SCOPUS:84951994747
SN - 9783319271606
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 582
EP - 592
BT - Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings
A2 - Perez, Gregorio Martinez
A2 - Zomaya, Albert
A2 - Li, Kenli
A2 - Wang, Guojun
PB - Springer Verlag
T2 - 15th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2015
Y2 - 18 November 2015 through 20 November 2015
ER -