Would an Object Representation Invariant Provide Sufficient State Based Knowledge to Adapt Network Intrusion Detection System Rules With Minimal Impact to System Resources?

Author: Anthony Melaragno
Year of publication: 2020
Subject:
Source: DASC/PiCom/CBDCom/CyberSciTech
DOI: 10.1109/dasc-picom-cbdcom-cyberscitech49142.2020.00099
Description: This work illustrates experimentally, with an implemented system and a defined representation invariant, that when the representation invariant is violated, security adaptations can be made to a Network Intrusion Detection System (NIDS). The adaptation process has minimal resource overhead and would improve overall safety for the network. The experimental setup is a back-end web service with clearly defined representation states as an initial test case. Results are collected, stored, and analyzed under three test conditions: a baseline with no user input, normal operations with user input, and finally a series of SQL injection attacks. The objective of the test cases is to show that incorporating protection mechanisms after post-evaluation of objects and before updating the back-end services adds little resource overhead. Therefore, adapting the NIDS provides added safety and security with little impact on the service or users of a system. Libraries are implemented to interface to a firewall and adapt its rules when an invariant is violated. Evidence will be shown that an adaptive approach to securing a NIDS by a service endpoint can thwart malicious actors with little impact on system resources. In conclusion, a hybrid approach using both the representation invariant and machine learning will be presented, discussing the next stages of future research.
Database: OpenAIRE