Degree Type

Thesis

Date of Award

2016

Degree Name

Master of Science

Department

Computer Science

Major

Computer Science

First Advisor

Samik Basu

Abstract

Over the past decades, cyber attacks have grown in frequency as well as in sophistication. Often, they elude the counter-measures that are in place due to inadequate expert man-power, which is necessary to manually deploy the correct responses and maintain systems that are being compromised. We present a decision support framework to aid in the timely deployment and maintenance of effective responses when intrusive or malicious behavior is detected.

The support framework has two specific objectives: to identify the best set of responses given the knowledge of the attack and the system being protected; and to identify the minimal set of responses that must be deployed. While the appropriateness of responses is of utmost importance to safeguard systems from attacks, minimality in the number of responses, an important factor from the deployment and maintainability perspective, has often been discarded. Our framework leverages the National Vulnerability Database as a source of information about the attacks, relies on pre-specified expert knowledge about the responses that can adequately stop an attack, and takes into consideration the impact of an attack as well as of the responses on the system being protected in terms of the well-studied CIA (Confidentiality, Integrity and Availability) vector.

We utilize the Trade-off Enhanced Conditional Preference Network (TCP-net) to qualitatively represent and reason about the CIA priorities of the expert, and model the problem of identifying the minimal set of most effective responses as a search problem. The choice of TCP-net stems from the fact that the CIA priorities are typically qualitative in nature, and it has been proven that quantification of priorities that are inherently qualitative can result in incorrect and often unexplainable results due to seemingly small perturbations in quantitative measures. Our TCP-net based computation can generate a provably optimal solution, where optimality corresponds to minimality of the selected responses. While optimality is an important factor, the necessity of computing the solution efficiently cannot be overstated, particularly in the context where timeliness in response deployment is equally important. We investigate and evaluate several heuristics with the goal of searching part of the potentially large solution space and computing a solution that is "close" to the optimal solution. We discuss the relative advantages and disadvantages of each heuristic, and present a specific one that is efficient in computing the optimal solution.

Copyright Owner

Maheedhar Gunasekharan

Language

en

File Format

application/pdf

File Size

41 pages