Scalable network intrusion detection and countermeasure selection in virtual network systems

Jin B. Hong, Chun Jen Chung, Dijiang Huang, Dong Seong Kim

Research output: Chapter in Book/Conference paper > Conference paper

1 Citation (Scopus)

Abstract

Security of virtual network systems, such as Cloud computing systems, is important to users and administrators. One of the major issues with Cloud security is detecting intrusions to provide time-efficient and cost-effective countermeasures. Cyber-attacks involve series of exploiting vulnerabilities in virtual machines, which could potentially cause a loss of credentials and disrupt services (e.g., privilege escalation attacks). Intrusion detection and countermeasure selection mechanisms are proposed to address the aforementioned issues, but existing solutions with traditional security models (e.g., Attack Graphs (AG)) do not scale well with a large number of hosts in the Cloud systems. Consequently, the model cannot provide a security solution in practical time. To address this problem, we incorporate a scalable security model named Hierarchical Attack Representation Model (HARM) in place of the AG to improve the scalability. By doing so, we can provide a security solution within a reasonable timeframe to mitigate cyber attacks. Further, we show the equivalent security analysis using the HARM and the AG, as well as to demonstrate how to transform the existing AG to the HARM.

Original language: English
Title of host publication: Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings
Editors: G.M. Perez, A. Zomaya, K. Li, G. Wang
Place of Publication: Germany
Publisher: Springer-Verlag London Ltd.
Pages: 582-592
Number of pages: 11
Volume: 9532
ISBN (Print): 9783319271606
DOIs: https://doi.org/10.1007/978-3-319-27161-3_53
Publication status: Published - 1 Jan 2015
Externally published: Yes
Event: 15th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2015 - Zhangjiajie, China
Duration: 18 Nov 2015 to 20 Nov 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9532
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 15th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2015
Country: China
City: Zhangjiajie
Period: 18/11/15 to 20/11/15

Fingerprint

Network Intrusion Detection
Intrusion detection
Countermeasures
Attack
Security Model
Graph in graph theory
Cloud computing
Scalability
Security Analysis
Virtual Machine
Intrusion Detection
Cloud Computing
Vulnerability
Model
Costs
Transform

Cite this

Hong, J. B., Chung, C. J., Huang, D., & Kim, D. S. (2015). Scalable network intrusion detection and countermeasure selection in virtual network systems. In G. M. Perez, A. Zomaya, K. Li, & G. Wang (Eds.), Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings (Vol. 9532, pp. 582-592). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9532). Germany: Springer-Verlag London Ltd. https://doi.org/10.1007/978-3-319-27161-3_53
Hong, Jin B. ; Chung, Chun Jen ; Huang, Dijiang ; Kim, Dong Seong. / Scalable network intrusion detection and countermeasure selection in virtual network systems. Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings. editor / G.M. Perez ; A. Zomaya ; K. Li ; G. Wang. Vol. 9532 Germany : Springer-Verlag London Ltd., 2015. pp. 582-592 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{3be8be1b35554a179482bc59f043e91c,
title = "Scalable network intrusion detection and countermeasure selection in virtual network systems",
abstract = "Security of virtual network systems, such as Cloud computing systems, is important to users and administrators. One of the major issues with Cloud security is detecting intrusions to provide time-efficient and cost-effective countermeasures. Cyber-attacks involve series of exploiting vulnerabilities in virtual machines, which could potentially cause a loss of credentials and disrupt services (e.g., privilege escalation attacks). Intrusion detection and countermeasure selection mechanisms are proposed to address the aforementioned issues, but existing solutions with traditional security models (e.g., Attack Graphs (AG)) do not scale well with a large number of hosts in the Cloud systems. Consequently, the model cannot provide a security solution in practical time. To address this problem, we incorporate a scalable security model named Hierarchical Attack Representation Model (HARM) in place of the AG to improve the scalability. By doing so, we can provide a security solution within a reasonable timeframe to mitigate cyber attacks. Further, we show the equivalent security analysis using the HARM and the AG, as well as to demonstrate how to transform the existing AG to the HARM.",
keywords = "Attack graphs, Countermeasure selection, Intrusion detection, Network security, Scalability",
author = "Hong, {Jin B.} and Chung, {Chun Jen} and Dijiang Huang and Kim, {Dong Seong}",
year = "2015",
month = "1",
day = "1",
doi = "10.1007/978-3-319-27161-3_53",
language = "English",
isbn = "9783319271606",
volume = "9532",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag London Ltd.",
pages = "582--592",
editor = "G.M. Perez and A. Zomaya and K. Li and G. Wang",
booktitle = "Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings",
address = "Germany",

}

Hong, JB, Chung, CJ, Huang, D & Kim, DS 2015, Scalable network intrusion detection and countermeasure selection in virtual network systems. in GM Perez, A Zomaya, K Li & G Wang (eds), Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings. vol. 9532, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9532, Springer-Verlag London Ltd., Germany, pp. 582-592, 15th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2015, Zhangjiajie, China, 18/11/15. https://doi.org/10.1007/978-3-319-27161-3_53

Scalable network intrusion detection and countermeasure selection in virtual network systems. / Hong, Jin B.; Chung, Chun Jen; Huang, Dijiang; Kim, Dong Seong.

Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings. ed. / G.M. Perez; A. Zomaya; K. Li; G. Wang. Vol. 9532 Germany : Springer-Verlag London Ltd., 2015. p. 582-592 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9532).


TY - GEN

T1 - Scalable network intrusion detection and countermeasure selection in virtual network systems

AU - Hong, Jin B.

AU - Chung, Chun Jen

AU - Huang, Dijiang

AU - Kim, Dong Seong

PY - 2015/1/1

Y1 - 2015/1/1

N2 - Security of virtual network systems, such as Cloud computing systems, is important to users and administrators. One of the major issues with Cloud security is detecting intrusions to provide time-efficient and cost-effective countermeasures. Cyber-attacks involve series of exploiting vulnerabilities in virtual machines, which could potentially cause a loss of credentials and disrupt services (e.g., privilege escalation attacks). Intrusion detection and countermeasure selection mechanisms are proposed to address the aforementioned issues, but existing solutions with traditional security models (e.g., Attack Graphs (AG)) do not scale well with a large number of hosts in the Cloud systems. Consequently, the model cannot provide a security solution in practical time. To address this problem, we incorporate a scalable security model named Hierarchical Attack Representation Model (HARM) in place of the AG to improve the scalability. By doing so, we can provide a security solution within a reasonable timeframe to mitigate cyber attacks. Further, we show the equivalent security analysis using the HARM and the AG, as well as to demonstrate how to transform the existing AG to the HARM.

AB - Security of virtual network systems, such as Cloud computing systems, is important to users and administrators. One of the major issues with Cloud security is detecting intrusions to provide time-efficient and cost-effective countermeasures. Cyber-attacks involve series of exploiting vulnerabilities in virtual machines, which could potentially cause a loss of credentials and disrupt services (e.g., privilege escalation attacks). Intrusion detection and countermeasure selection mechanisms are proposed to address the aforementioned issues, but existing solutions with traditional security models (e.g., Attack Graphs (AG)) do not scale well with a large number of hosts in the Cloud systems. Consequently, the model cannot provide a security solution in practical time. To address this problem, we incorporate a scalable security model named Hierarchical Attack Representation Model (HARM) in place of the AG to improve the scalability. By doing so, we can provide a security solution within a reasonable timeframe to mitigate cyber attacks. Further, we show the equivalent security analysis using the HARM and the AG, as well as to demonstrate how to transform the existing AG to the HARM.

KW - Attack graphs

KW - Countermeasure selection

KW - Intrusion detection

KW - Network security

KW - Scalability

UR - http://www.scopus.com/inward/record.url?scp=84951994747&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-27161-3_53

DO - 10.1007/978-3-319-27161-3_53

M3 - Conference paper

SN - 9783319271606

VL - 9532

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 582

EP - 592

BT - Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings

A2 - Perez, G.M.

A2 - Zomaya, A.

A2 - Li, K.

A2 - Wang, G.

PB - Springer-Verlag London Ltd.

CY - Germany

ER -

Hong JB, Chung CJ, Huang D, Kim DS. Scalable network intrusion detection and countermeasure selection in virtual network systems. In Perez GM, Zomaya A, Li K, Wang G, editors, Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings. Vol. 9532. Germany: Springer-Verlag London Ltd. 2015. p. 582-592. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-27161-3_53