

DEFIDNET: A framework for optimal allocation of cyberdefenses in Intrusion Detection Networks
Affiliation: 1. Sapienza University of Rome, Dipartimento di Informatica, via Salaria 113, Roma, Italy; 2. Cybersecurity Research Department, Nokia Bell Labs, Paris, France; 3. Università di Padova, Dipartimento di Matematica, via Trieste 63, Padova, Italy; 4. IAC-CNR, via dei Taurini, 19, Roma 00185, Italy; 5. Roma Tre University, Maths and Physics Department, Roma, Italy
Abstract: Intrusion Detection Networks (IDN) are distributed cyberdefense systems composed of different nodes performing local detection and filtering functions, as well as sharing information with other nodes in the IDN. The security and resilience of such cyberdefense systems are paramount, since an attacker will try to evade them or render them unusable before attacking the end systems. In this paper, we introduce a system model for IDN nodes in terms of their logical components, functions, and communication channels. This allows us to model different IDN node roles (e.g., detectors, filters, aggregators, correlators, etc.) and architectures (e.g., hierarchical, centralized, fully distributed, etc.). We then introduce a threat model that considers adversarial actions executed against particular IDN nodes, and also the propagation of such actions throughout connected nodes. Based on such models, we finally introduce a countermeasure allocation model based on a multi-objective optimization algorithm to obtain optimal allocation strategies that minimize both risk and cost. Our experimental results obtained through simulation with different IDN architectures illustrate the benefit of our framework to design and reconfigure cyberdefense systems optimally.
Keywords: Cooperative cyberdefense; Evasion attacks; Resilient cyberdefenses; Adversarial settings
This article is indexed in ScienceDirect and other databases.