Jones, Bryan A.
Morris, Thomas H.
Date of Degree
Dissertation - Open Access
Doctor of Philosophy
James Worth Bagley College of Engineering
Department of Electrical and Computer Engineering
This research focuses on the development and validation of an autonomic security management (ASM) framework to proactively protect distributed systems (DSs) from a wide range of cyber assaults with little or no human intervention. Multi-dimensional cyber attack taxonomy was developed to characterize cyber attack methods and tactics against both a Web application (Web-app) and an industrial control system (ICS) by accounting for their impacts on a set of system, network, and security features. Based on this taxonomy, a normal region of system performance is constructed, refined, and used to predict and identify abnormal system behavior with the help of forecasting modules and intrusion detection systems (IDS). Protection mechanisms are evaluated and implemented by a multi-criteria analysis controller (MAC) for their efficiency in eliminating and/or mitigating attacks, maintaining normal services, and minimizing operational costs and impacts. Causes and impacts of unknown attacks are first investigated by an ASM framework learning module. Attack signatures are then captured to update IDS detection algorithms and MAC protection mechanisms in near real-time. The ASM approach was validated within Web-app and ICS testbeds demonstrating the effectiveness of the self-protection capability. Experiments were conducted using realworld cyber attack tools and profiles. Experimental results show that DS security behavior is predicted, detected, and eliminated thus validating our original hypothesis concerning the self-protection core capability. One important benefit from the self-protection feature is the cost-effective elimination of malicious requests before they impede, intrude or compromise victim systems. The ASM framework can also be used as a decision support system. This feature is important especially when unknown attack signatures are ambiguous or when responses selected automatically are not efficient or are too risky to mitigate attacks. In this scenario, man-in-the-loop decisions are necessary to provide manual countermeasures and recovery operations. The ASM framework is resilient because its main modules are installed on a master controller virtual machine (MC-VM). This MC-VM is simple to use and configure for various platforms. The MC-VM is protected; thus, even if the internal network is compromised, the MC-VM can still maintain “normal” self-protection services thereby defending the host system from cyber attack on-thely.
Chen, Qian, "Model-Based Autonomic Security Management of Networked Distributed Systems" (2014). Theses and Dissertations MSU. 3130.