MAE Room 126
601 Gale Lemerand
Gainesville, FL 32611
The continuous increase in the quantity and sophistication of cyber-attacks is making it more difficult and error-prone for system administrators to handle the alerts generated by Intrusion Detection Systems (IDSs). To deal with this problem, several Intrusion Response Systems (IRSs) have been proposed. An IRS extends an IDS by providing an automatic response to a detected attack. Such a response is usually selected either with a static attack-response mapping or by quantitatively evaluating all the available responses, given a set of pre-defined criteria. In this presentation, we introduce a probabilistic model-based IRS built on the Markov Decision Process (MDP) framework. In contrast with most existing approaches to intrusion response, the proposed IRS effectively captures the dynamics of both the defended system and the attacker and is able to compose atomic response actions to plan optimal multi-objective long-term response policies to protect the system. We evaluate the effectiveness of the proposed IRS by showing that long-term response planning always outperforms short-term planning and we conduct a performance assessment to show that the proposed IRS can be adopted to protect large distributed systems at run-time.
Stefano Iannucci is an Assistant Professor of Computer Science and Engineering at Mississippi State University and an affiliated member of the Center for Cyber Innovation (CCI) department of the High-Performance Computing Collaboratory at Mississippi State. He received his Ph.D. in 2015 from the University of Rome “Tor Vergata”. His research focuses on cyber-security automation, autonomic computing, Internet of Things, performance modeling and benchmarking. He has published over 20 papers in top journals and conferences. Dr. Iannucci has chaired several international workshops and served as the workshop chair for IEEE ICCAC, one of the leading conferences in autonomic computing.