Risk balance defense approach against intrusions for network server
The paper presents a new defense approach based on risk balance to protect network servers from intrusion activities. We construct and implement a risk balance system, which consists of three modules, including a comprehensive alert processing module, an online risk assessment module, and a risk bal...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2013
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/1993 http://dx.doi.org/10.1007/s10207-013-0214-9 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-2992 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-29922014-02-04T11:54:04Z Risk balance defense approach against intrusions for network server MU, Chengpo YU, Meng LI, Yingjiu Zang, Wanyu The paper presents a new defense approach based on risk balance to protect network servers from intrusion activities. We construct and implement a risk balance system, which consists of three modules, including a comprehensive alert processing module, an online risk assessment module, and a risk balance response decision-making module. The alert processing module improves the information quality of intrusion detection system (IDS) raw alerts by reducing false alerts rate, forming alert threads, and computing general parameters from the alert threads. The risk assessment module provides accurate evaluation of risks accordingly to alert threads. Based on the risk assessment, the response decision-making module is able to make right response decisions and perform very well in terms of noise immunization. Having advantages over conventional intrusion response systems, the risk balancer protects network servers not by directly blocking intrusion activities but by redirecting related network traffics and changing service platform. In this way, the system configurations that favor attackers are changed, and attacks are stopped with little impact on services to users. Therefore, the proposed risk balance approach is a good solution to not only the trade-off between the effectiveness and the negative effects of responses but also the false response problems caused by both IDS false-positive alerts and duplicated alerts. 2013-06-01T07:00:00Z text https://ink.library.smu.edu.sg/sis_research/1993 info:doi/10.1007/s10207-013-0214-9 http://dx.doi.org/10.1007/s10207-013-0214-9 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Risk balance Intrusion response Risk assessment Alert processing Intrusion detection Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Risk balance Intrusion response Risk assessment Alert processing Intrusion detection Information Security |
| spellingShingle |
Risk balance Intrusion response Risk assessment Alert processing Intrusion detection Information Security MU, Chengpo YU, Meng LI, Yingjiu Zang, Wanyu Risk balance defense approach against intrusions for network server |
| description |
The paper presents a new defense approach based on risk balance to protect network servers from intrusion activities. We construct and implement a risk balance system, which consists of three modules, including a comprehensive alert processing module, an online risk assessment module, and a risk balance response decision-making module. The alert processing module improves the information quality of intrusion detection system (IDS) raw alerts by reducing false alerts rate, forming alert threads, and computing general parameters from the alert threads. The risk assessment module provides accurate evaluation of risks accordingly to alert threads. Based on the risk assessment, the response decision-making module is able to make right response decisions and perform very well in terms of noise immunization. Having advantages over conventional intrusion response systems, the risk balancer protects network servers not by directly blocking intrusion activities but by redirecting related network traffics and changing service platform. In this way, the system configurations that favor attackers are changed, and attacks are stopped with little impact on services to users. Therefore, the proposed risk balance approach is a good solution to not only the trade-off between the effectiveness and the negative effects of responses but also the false response problems caused by both IDS false-positive alerts and duplicated alerts. |
| format |
text |
| author |
MU, Chengpo YU, Meng LI, Yingjiu Zang, Wanyu |
| author_facet |
MU, Chengpo YU, Meng LI, Yingjiu Zang, Wanyu |
| author_sort |
MU, Chengpo |
| title |
Risk balance defense approach against intrusions for network server |
| title_short |
Risk balance defense approach against intrusions for network server |
| title_full |
Risk balance defense approach against intrusions for network server |
| title_fullStr |
Risk balance defense approach against intrusions for network server |
| title_full_unstemmed |
Risk balance defense approach against intrusions for network server |
| title_sort |
risk balance defense approach against intrusions for network server |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2013 |
| url |
https://ink.library.smu.edu.sg/sis_research/1993 http://dx.doi.org/10.1007/s10207-013-0214-9 |
| _version_ |
1770571770448838656 |