Wednesday, July 13, 2011

an idea on intrusion response

Intrusion response, as the name says, is a reaction to attacks that are already happening (ongoing) in the system. It takes effect after the adversary has successfully attacked the system. The goal of such research is to bring an insecure network (CPS) under ongoing attack back to its normal operational mode at the minimum possible cost.
For example, if our CPS is under a light DoS attack, the controller and plant can still talk to each other, but the attack causes a large delay on the network. The UAV plant may not track the signal well. This is the cost; it would be much better if we could define it formally. Then how should we respond/react to this insecure network to keep the cost to a minimum, and which strategy should we choose, based on which kind of selection algorithm?
But if we do so, that turns this problem into one of mitigating the attack.

1 comment:

  1. Maybe we could also use the idea of Cost-to-Break; for a deception attack, it would be easily understood. Find a way to define it mathematically.
