Automated Response Actions (2014 Year in Review)

A recurring problem in cybersecurity is the need to automate systems to reduce human effort and error and to be able to react rapidly and accurately to an intrusion or insertion. The nine articles cited here describe a number of interesting approaches and a novel study using sunglass reflections to reconstruct keypad use on cellphones and other mobile devices. 

Zonouz, S.A.; Khurana, H.; Sanders, W.H.; Yardley, T.M., "RRE: A Game-Theoretic Intrusion Response and Recovery Engine," Parallel and Distributed Systems, IEEE Transactions on, vol. 25, no. 2, pp.395, 406, Feb. 2014. doi: 10.1109/TPDS.2013.211

Abstract: Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the response and recovery engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. The RRE applies attack-response trees (ART) to analyze undesired system-level security events within host computers and their countermeasures using Boolean logic to combine lower level attack consequences. In addition, the RRE accounts for uncertainties in intrusion detection alert notifications. The RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. To support network-level multiobjective response selection and consider possibly conflicting network security properties, we employ fuzzy logic theory to calculate the network-level security metric values, i.e., security levels of the system's current and potentially future states in each stage of the game. In particular, inputs to the network-level game-theoretic response selection engine, are first fed into the fuzzy system that is in charge of a nonlinear inference and quantitative ranking of the possible actions using its previously defined fuzzy rule set. Consequently, the optimal network-level response actions are chosen through a game-theoretic optimization process. Experimental results show that the RRE, using Snort's alerts, can protect large networks for which attack-response trees have more than 500 nodes.

Keywords: Boolean functions; Markov processes; computer network security; decision theory; fuzzy set theory; stochastic games; trees (mathematics);ART; Boolean logic; RRE; Snort alerts; attack-response trees; automated response techniques; detection algorithms; fuzzy logic theory; fuzzy rule set; fuzzy system; game-theoretic intrusion response and recovery engine strategy; game-theoretic optimization process; intrusion detection; lower level attack consequences; network level game-theoretic response selection engine; network security property; network-level multiobjective response selection; network-level security metric values; networked computing systems; nonlinear inference; optimal network-level response actions; partially observable competitive Markov decision process; system-level security events; two-player Stackelberg stochastic game; Computers; Engines; Games; Markov processes; Security; Subspace constraints; Uncertainty; Computers; Engines; Games; Intrusion response systems; Markov decision processes; Markov processes; Security; Subspace constraints; Uncertainty; and fuzzy logic and control; network state estimation; stochastic games   (ID#:15-4009)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6583161&isnumber=6689796

Ling-Xi Peng; Tian-Wei Chen, "Automated Intrusion Response System Algorithm with Danger Theory," Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on, pp.31,34, 13-15 Oct. 2014. doi: 10.1109/CyberC.2014.16

Abstract: Intrusion response is a new generation of technology basing on active defence idea, which has very prominent significance on the protection of network security. However, the existing automatic intrusion response systems are difficult to judge the real "danger" of invasion or attack. In this study, an immune-inspired adaptive automated intrusion response system model, named as AIAIM, was given. With the descriptions of self, non-self, memory detector, mature detector and immature detector of the network transactions, the real-time network danger evaluation equations of host and network are built up. Then, the automated response polices are taken or adjusted according to the real-time danger and attack intensity, which not only solve the problem that the current automated response system models could not detect the true intrusions or attack actions, but also greatly reduce the response times and response costs. Theory analysis and experimental results prove that AIAIM provides a positive and active network security method, which will help to overcome the limitations of traditional passive network security system.

Keywords: artificial immune systems; computer network security; adaptive automated intrusion response system; artificial immune system; danger theory; immature detector; memory detector; network security; real-time network danger evaluation equation; Communication networks; Detectors; Distributed computing; Knowledge discovery; Mathematical model; Real-time systems; Security; artificial immune; automated intrusion response system; danger evaluation   (ID#:15-4010)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6984277&isnumber=6984259

de Oliveira Saraiva, F.; Nobuhiro Asada, E., "Multi-Agent Systems Applied To Topological Reconfiguration Of Smart Power Distribution Systems," Neural Networks (IJCNN), 2014 International Joint Conference on, pp. 2812, 2819, 6-11 July 2014. doi: 10.1109/IJCNN.2014.6889791

Abstract: One of the various features expected for a smart power distribution system - a smart grid in the power distribution level - is the possibility of the fully automated operation for certain control actions. Although this is very expected, it requires various logic, sensor and actuator technologies in a system which, historically, has a low level of automation. One of the most analyzed problems for the distribution system is the topology reconfiguration. The reconfiguration has been applied to various objectives: minimization of power losses, voltage regulation, load balancing, to name a few. The solution method in most cases is centralized and its application is not in real-time. From the new perspectives of advanced distribution systems, fast and adaptive response of the control actions are required, specially in the presence of alternative generation sources and electrical vehicles. In this context, the multi-agent system, which embeds the necessary control actions and decision making is proposed for the topology reconfiguration aiming the loss reduction. The concept of multi-agent system for distribution system is proposed and two case studies with 11-Bus and 16-Bus system are presented.

Keywords: decision making; multi-agent systems; power distribution control; smart power grids; 11-Bus system;16-Bus system; alternative generation sources; control action adaptive response; decision making; electrical vehicles; load balancing; multiagent systems; power loss minimization; power loss reduction; smart grid; smart power distribution systems; topology reconfiguration; voltage regulation; Decision making; Minimization; Multi-agent systems; Power distribution; Smart grids; Substations; Topology   (ID#:15-4011)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889791&isnumber=6889358

Yanfei Guo; Lama, P.; Changjun Jiang; Xiaobo Zhou, "Automated and Agile Server ParameterTuning by Coordinated Learning and Control," Parallel and Distributed Systems, IEEE Transactions on, vol. 25, no. 4, pp.876, 886, April 2014. doi: 10.1109/TPDS.2013.115

Abstract: Automated server parameter tuning is crucial to performance and availability of Internet applications hosted in cloud environments. It is challenging due to high dynamics and burstiness of workloads, multi-tier service architecture, and virtualized server infrastructure. In this paper, we investigate automated and agile server parameter tuning for maximizing effective throughput of multi-tier Internet applications. A recent study proposed a reinforcement learning based server parameter tuning approach for minimizing average response time of multi-tier applications. Reinforcement learning is a decision making process determining the parameter tuning direction based on trial-and-error, instead of quantitative values for agile parameter tuning. It relies on a predefined adjustment value for each tuning action. However it is nontrivial or even infeasible to find an optimal value under highly dynamic and bursty workloads. We design a neural fuzzy control based approach that combines the strengths of fast online learning and self-adaptiveness of neural networks and fuzzy control. Due to the model independence, it is robust to highly dynamic and bursty workloads. It is agile in server parameter tuning due to its quantitative control outputs. We implemented the new approach on a testbed of virtualized data center hosting RUBiS and WikiBench benchmark applications. Experimental results demonstrate that the new approach significantly outperforms the reinforcement learning based approach for both improving effective system throughput and minimizing average response time.

Keywords: Internet; control engineering computing; fault tolerant computing; fuzzy control; learning (artificial intelligence); neurocontrollers; self-adjusting systems; telecommunication computing; virtualisation; WikiBench benchmark application; agile parameter tuning; agile server parameter tuning; automated server parameter tuning; average response time; bursty workloads; cloud environments; coordinated learning and control; decision making process; effective throughput; model independence; multitier Internet applications; multitier applications; multitier service architecture; neural fuzzy control; neural networks; online learning; parameter tuning direction; predefined adjustment value; quantitative control output; reinforcement learning based server parameter tuning approach; self-adaptiveness; system throughput ;trial-and-error; virtualized data center hosting RUBiS; virtualized server infrastructure; Fuzzy control; Internet; Neurons; Servers; Throughput; Time factors; Tuning; Automated server parameter tuning; autonomic computing ;internet applications; neural fuzzy control   (ID#:15-4012)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6497051&isnumber=6750096

Shahgoshtasbi, D.; Jamshidi, M.M., "A New Intelligent Neuro–Fuzzy Paradigm for Energy-Efficient Homes," Systems Journal, IEEE, vol. 8, no. 2, pp.664, 673, June 2014. doi: 10.1109/JSYST.2013.2291943

Abstract: Demand response (DR), which is the action voluntarily taken by a consumer to adjust amount or timing of its energy consumption, has an important role in improving energy efficiency. With DR, we can shift electrical load from peak demand time to other periods based on changes in price signal. At residential level, automated energy management systems (EMS) have been developed to assist users in responding to price changes in dynamic pricing systems. In this paper, a new intelligent EMS (iEMS) in a smart house is presented. It consists of two parts: a fuzzy subsystem and an intelligent lookup table. The fuzzy subsystem is based on its fuzzy rules and inputs that produce the proper output for the intelligent lookup table. The second part, whose core is a new model of an associative neural network, is able to map inputs to desired outputs. The structure of the associative neural network is presented and discussed. The intelligent lookup table takes three types of inputs that come from the fuzzy subsystem, outside sensors, and feedback outputs. Whatever is trained in this lookup table are different scenarios in different conditions. This system is able to find the best energy-efficiency scenario in different situations.

Keywords: energy management systems; fuzzy set theory; home automation; neural nets; power engineering computing; table lookup; DR; associative neural network; automated energy management systems; demand response; energy-efficient homes; fuzzy rules; fuzzy subsystem;  iEMS; Intelligent EMS; intelligent lookup table; intelligent neuro-fuzzy paradigm; smart house; Energy consumption; Energy management; Home appliances; Neural networks; Neurons; Pricing; Smart grids; Demand response (DR);energy efficiency; fuzzy logic; neural networks; smart grid   (ID#:15-4013)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6705637&isnumber=6819870

Bande, V.; Pop, S.; Pitica, D., "Smart Diagnose Procedure For Data Acquisition Systems Inside Dams," Design and Technology in Electronic Packaging (SIITME), 2014 IEEE 20th International Symposium for, vol., no., pp.179,182, 23-26 Oct. 2014. doi: 10.1109/SIITME.2014.6967022

Abstract: This scientific paper reveals an intelligent system for data acquisition for dam monitoring and diagnose. This system is built around the RS485 communication standard and uses its own communication protocol [2]. The aim of the system is to monitor all signal levels inside the communication bus, respectively to detect the out of action data loggers. The diagnose test extracts the following functional parameters: supply voltage and the absolute value and common mode value for differential signals used in data transmission (denoted with “A” and “B”). Analyzing this acquired information, it's possible to find short-circuits or open-circuits across the communication bus. The measurement and signal processing functions, for flaws, are implemented inside the system's central processing unit. The next testing step is finding the out of action data loggers and is being made by trying to communicate with every data logger inside the network. The lack of any response from a data logger is interpreted as an error and using the code of the data logger's microcontroller, it is possible to find its exact position inside the dam infrastructure. The novelty of this procedure is the fact that it completely automates the diagnose procedure, which, until now, was made visually by checking every data logger.

Keywords: dams; data acquisition; data loggers; field buses ;microcontrollers; protocols; signal processing; structural engineering computing;RS485 communication protocol standard; communication bus; dam monitoring; data acquisition system; data logger; data transmission; differential signal; microcontroller; open-circuit; short-circuit; signal processing; smart diagnose procedure; Central Processing Unit; Electronics packaging; Protocols; Temperature measurement; Testing; Transducers; Voltage measurement; dam; diagnose; protocol; sensor; system   (ID#:15-4014)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6967022&isnumber=6966980

Popli, N.; Ilic, M.D., "Storage Devices for Automated Frequency Regulation and Stabilization," PES General Meeting | Conference & Exposition, 2014 IEEE, pp. 1, 5, 27-31 July 2014. doi: 10.1109/PESGM.2014.6939861

Abstract: In this paper we propose a framework for automating feedback control to balance hard-to-predict wind power variations. The power imbalance is a result of non-zero mean error around the wind power forecast. Our proposed framework is aimed at achieving the objective of frequency stabilization and regulation through one control action. A case-study for a real-world system on Flores island in Portugal is provided. Using a battery-based storage on the island, we illustrate the proposed control framework.

Keywords: battery storage plants; feedback; frequency control; frequency stability; wind power plants; Flores island; automated frequency regulation; automated frequency stabilization; battery-based storage ;feedback control; hard-to-predict wind power variations; non-zero mean error; power imbalance; storage devices; wind power forecast; Automatic generation control; Batteries; Frequency control; Generators; Jacobian matrices; Wind forecasting; Wind power generation; Automatic Generation Control (AGC); Battery; Frequency Regulation; Frequency Stabilization; Governor Response; Singular Power Flow Jacobian; Slack Bus   (ID#:15-4015)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6939861&isnumber=6938773

Kurian, N.A.; Thomas, A.; George, B., "Automated Fault Diagnosis in Multiple Inductive Loop Detectors," India Conference (INDICON), 2014 Annual IEEE, pp. 1, 5, 11-13 Dec. 2014. doi: 10.1109/INDICON.2014.7030431

Abstract: Multiple Inductive Loop Detectors are advanced Inductive Loop Sensors that can measure traffic flow parameters in even conditions where the traffic is heterogeneous and does not conform to lanes. This sensor consists of many inductive loops in series, with each loop having a parallel capacitor across it. These inductive and capacitive elements of the sensor may undergo open or short circuit faults during operation. Such faults lead to erroneous interpretation of data acquired from the loops. Conventional methods used for fault diagnosis in inductive loop detectors consume time and effort as they require experienced technicians and involve extraction of loops from the saw-cut slots on the road. This also means that the traffic flow parameters cannot be measured until the sensor system becomes functional again. The repair activities would also disturb traffic flow. This paper presents a method for automating fault diagnosis for series-connected Multiple Inductive Loop Detectors, based on an impulse test. The system helps in the diagnosis of open/short faults associated with the inductive and capacitive elements of the sensor structure by displaying the fault status conveniently. Since the fault location as well as the fault type can be precisely identified using this method, the repair actions are also localised. The proposed system thereby results in significant savings in both repair time and repair costs. An embedded system was developed to realize this scheme and the same was tested on a loop prototype.

Keywords: embedded systems; fault location; inductive sensors; automated fault diagnosis; embedded system; fault location; series-connected multiple inductive loop detectors; traffic flow detectors; Circuit faults; Detectors; Fault diagnosis; Frequency response; Resonant frequency; Vehicles ;Embedded System ;Fault Diagnosis; Multiple Inductive Loop Detectors; Transfer Function   (ID#:15-4016)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7030431&isnumber=7030354

Note:



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.