Service migration is an important strategy for improving a system's ability to survive malicious attacks and to keep providing mission-critical services. Moving critical services from compromised platforms to clean, healthy platforms, where they can continue to function, avoids further loss in the event of a devastating attack. Given the increasing complexity of malicious attacks and the limited resources available to fully assess the damage they cause within a short period of time, the damage assessment provided by each intrusion detection agent is often incomplete or uncertain. By integrating damage assessments from multiple intrusion detection agents, a more reliable and trustworthy damage assessment can be formed about a platform of concern. Such a combined damage assessment is important in determining whether a service migration is necessary. We present a transferable belief-based decision model that represents and combines the individual damage assessment outputs of multiple intrusion detection agents and constructs a comprehensive, more reliable output. A final decision can then be made to choose the most effective and cost-efficient security action to take in an intrusion scenario.
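The combine-then-decide flow described above can be sketched with the standard transferable belief model operators (unnormalized conjunctive rule, then pignistic transformation). This is an added example, not the paper's own model or code: the two-state frame, the three agents' masses, the action names and the cost table are all constructed assumptions.

```python
from functools import reduce
from itertools import product

CLEAN, COMP = "clean", "compromised"
THETA = frozenset({CLEAN, COMP})  # whole frame: the agent cannot tell
EMPTY = frozenset()               # mass here records conflict between agents

def conjunctive(m1, m2):
    """Unnormalized conjunctive rule: multiply masses, intersect focal sets."""
    out = {}
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        out[a & b] = out.get(a & b, 0.0) + x * y
    return out

def combine_all(assessments):
    return reduce(conjunctive, assessments)

def pignistic(m):
    """Spread each focal set's mass evenly over its states, ignoring conflict."""
    usable = 1.0 - m.get(EMPTY, 0.0)
    if usable < 1e-12:
        raise ValueError("agents are in total conflict; no decision possible")
    betp = dict.fromkeys(THETA, 0.0)
    for focal, mass in m.items():
        for state in focal:
            betp[state] += mass / (len(focal) * usable)
    return betp

def decide(betp, costs):
    """Return the action with the lowest expected cost, plus all expected costs."""
    expected = {act: sum(betp[s] * c[s] for s in betp) for act, c in costs.items()}
    return min(expected, key=expected.get), expected

# Constructed assessments of one platform from three hypothetical agents.
AGENTS = [
    {frozenset({COMP}): 0.6, THETA: 0.4},
    {frozenset({COMP}): 0.5, frozenset({CLEAN}): 0.1, THETA: 0.4},
    {frozenset({CLEAN}): 0.2, THETA: 0.8},
]
# Constructed costs: cost of each action given the platform's true state.
COSTS = {
    "migrate": {COMP: 1.0, CLEAN: 3.0},
    "stay": {COMP: 10.0, CLEAN: 0.0},
}

if __name__ == "__main__":
    combined = combine_all(AGENTS)
    action, expected = decide(pignistic(combined), COSTS)
    print(f"conflict={combined[EMPTY]:.3f} action={action} expected={expected}")
```

The mass that ends up on the empty set measures how strongly the agents contradict each other, which is a useful signal to log alongside the chosen action.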