DOI: 10.1145/3147234.3148137 (research article)

Autonomic and Integrated Management for Proactive Cyber Security (AIM-PSC)

Published: 05 December 2017

Abstract

The complexity, multiplicity, and impact of cyber-attacks have been increasing at an alarming rate despite significant research and development investment in cyber security products and tools. Current techniques for detecting and protecting cyber infrastructures against these smart, sophisticated attacks are mainly ad hoc, labor-intensive, and too slow. This paper presents AIM-PSC, developed jointly by researchers at AVIRTEK and The University of Arizona Center for Cloud and Autonomic Computing and inspired by biological systems, which handle complexity, dynamism and uncertainty efficiently. In the AIM-PSC system, online monitoring and multi-level analysis are used to analyze anomalous behaviors of networks, software systems and applications. By combining the results of the different types of analysis through a statistical decision fusion approach, the system detects cyber-attacks of any type with high detection rates and low false alarm rates, and proactively responds with corrective actions that mitigate their impact and stop their propagation.
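The abstract's central mechanism, combining separate per-level analyses through statistical decision fusion, is illustrated below with an added example. This is not the paper's code, and the paper does not state which fusion rule AIM-PSC uses; the example uses log-likelihood-ratio (LLR) fusion, which is the standard rule for detectors whose outputs are conditionally independent given the true state. The three detectors (network, system, application), their Beta-distributed score models, the 1% attack prior and the observation windows are all assumptions constructed for the example. It shows the two behaviours fusion is meant to deliver: a spike at a single level does not raise an alert by itself, while mild anomalies across every level do.

```python
"""Statistical decision fusion across monitoring levels.

Added illustration, not code from the AIM-PSC paper. Three hypothetical
anomaly detectors (network, system, application) each emit a score in
[0, 1]. The fusion rule is the log-likelihood-ratio sum for conditionally
independent detectors; the Beta score models, the attack prior and the
observation windows are assumptions chosen for this example.
"""
import math
from dataclasses import dataclass
from typing import Dict, Tuple


def beta_logpdf(x: float, a: float, b: float) -> float:
    """Log density of Beta(a, b) at x, with x clamped away from 0 and 1."""
    x = min(max(x, 1e-6), 1.0 - 1e-6)
    norm = math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
    return (a - 1) * math.log(x) + (b - 1) * math.log(1 - x) + norm


@dataclass(frozen=True)
class LevelDetector:
    """One monitoring level with assumed Beta models of its score under
    normal and under attack behaviour."""
    name: str
    normal: Tuple[float, float]
    attack: Tuple[float, float]

    def llr(self, score: float) -> float:
        """log p(score | attack) - log p(score | normal)."""
        return beta_logpdf(score, *self.attack) - beta_logpdf(score, *self.normal)


# Hypothetical detectors. The application-level detector is modelled as
# noisier (more overlap between its normal and attack distributions), so
# LLR fusion automatically gives its score less weight.
DETECTORS = (
    LevelDetector("network", normal=(2, 8), attack=(6, 3)),
    LevelDetector("system", normal=(2, 8), attack=(6, 3)),
    LevelDetector("application", normal=(3, 5), attack=(5, 4)),
)

PRIOR_ATTACK = 0.01  # assumed base rate of attack windows


def per_level_alert(scores: Dict[str, float], threshold: float = 0.7) -> bool:
    """Naive baseline: alert if any single level crosses a fixed threshold."""
    return any(scores[d.name] >= threshold for d in DETECTORS)


def fused_posterior(scores: Dict[str, float], prior: float = PRIOR_ATTACK) -> float:
    """P(attack | all scores), assuming detectors are conditionally independent."""
    log_odds = math.log(prior / (1 - prior))
    log_odds += sum(d.llr(scores[d.name]) for d in DETECTORS)
    return 1.0 / (1.0 + math.exp(-log_odds))


def fused_alert(scores: Dict[str, float], threshold: float = 0.5) -> bool:
    """Fused decision: alert when the posterior attack probability exceeds threshold."""
    return fused_posterior(scores) >= threshold


def evidence(scores: Dict[str, float]) -> Dict[str, float]:
    """Per-level LLR contributions, most incriminating first, for triage
    and for choosing which level a corrective action should target."""
    contrib = {d.name: round(d.llr(scores[d.name]), 2) for d in DETECTORS}
    return dict(sorted(contrib.items(), key=lambda kv: kv[1], reverse=True))


# Constructed observation windows (not real telemetry).
WINDOWS = {
    "quiet": {"network": 0.15, "system": 0.10, "application": 0.20},
    "backup_burst": {"network": 0.85, "system": 0.10, "application": 0.15},  # one level spikes alone
    "low_and_slow": {"network": 0.60, "system": 0.60, "application": 0.60},  # every level mildly off
    "overt_attack": {"network": 0.80, "system": 0.70, "application": 0.75},
}

if __name__ == "__main__":
    for name, scores in WINDOWS.items():
        print(f"{name:13s} per-level={per_level_alert(scores)!s:5s} "
              f"fused={fused_alert(scores)!s:5s} "
              f"P(attack)={fused_posterior(scores):.3f} {evidence(scores)}")
```

Running the module prints, for each constructed window, the naive per-level decision, the fused decision, the posterior and the per-level evidence a responder would use to pick a corrective action: the lone network spike is explained away by the quiet system and application levels, while three scores that never cross the 0.7 per-level threshold fuse into a confident alert. The caveat is the conditional-independence assumption: two detectors fed by the same telemetry (for example two sensors reading one log) double-count evidence and need either de-duplication or a joint model before their LLRs are summed.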


Cited By

  • (2024) ACPPS: Autonomic Computing based Phishing Protection System. 2024 IEEE 14th Annual Computing and Communication Workshop and Conference (CCWC), pp. 564-569. DOI: 10.1109/CCWC60891.2024.10427857. Online publication date: 8 Jan 2024.
  • (2021) SoK: Autonomic Cybersecurity - Securing Future Disruptive Technologies. 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 66-72. DOI: 10.1109/CSR51186.2021.9527908. Online publication date: 26 Jul 2021.


Published In

UCC '17 Companion: Companion Proceedings of the 10th International Conference on Utility and Cloud Computing
December 2017
252 pages
ISBN: 9781450351959
DOI: 10.1145/3147234
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. automation
  2. behavior analysis
  3. cyber security
  4. data analytics
  5. information technology
  6. machine learning
  7. network security

Qualifiers

  • Research-article

Conference

UCC '17

Acceptance Rates

Overall Acceptance Rate: 38 of 125 submissions, 30%

Article Metrics

  • Downloads (last 12 months): 6
  • Downloads (last 6 weeks): 1
Reflects downloads up to 16 Dec 2024