Using S-Rules to Fire Dynamic Countermeasure
Fabrizio Baiardi
First
Member of the Collaboration Group
2017-01-01
Abstract
We present a rule-based system to dynamically deploy countermeasures against privilege escalations, where a rule consists of some n-grams and a countermeasure. An n-gram is a sequence of n consecutive attacks. A rule deploys its countermeasure as soon as all the attacks in its n-grams have been detected. After discussing the discovery of escalations, we show how to compute the rules starting from the escalations to stop and from those we may neglect because they cannot reach a goal. We also evaluate how the false positive and false negative rates of attack detection affect the proposed approach. Lastly, we describe a preliminary evaluation using data from an industrial control system.