High-Performance Intrusion Response Planning on Many-Core Architectures

Iannucci, S., Chen, Q., & Abdelwahed, S. (2016). High-Performance Intrusion Response Planning on Many-Core Architectures. Workshop on Network Security Analytics and Automation. Waikoloa, HI: IEEE.

Abstract

The quantity and sophistication of cyber attacks have increased year by year, so it is infeasible to manually process Intrusion Detection System (IDS) alerts. Intrusion Response Systems (IRSs) extend IDSs by providing automatic protection mechanisms. The core of an IRS is its planning algorithm, which is in charge of selecting the best response action to counter the detected attacks. However, the planning algorithm has to be carefully designed and implemented so that it exhibits low overhead and does not compromise the scalability of the protected system. In this paper we present the performance evaluation of an IRS based on a Markov Decision Process (MDP), which leverages many-core co-processors. Such an IRS produces optimal long-term response policies evaluated according to a multi-criteria objective function. We show that, despite the complexity of the MDP modeling, the proposed IRS is able to protect large systems while introducing little to no overhead on the protected hosts.