Antonino Rullo

Pareto-Optimal Adversarial Defense of Enterprise Systems

The National Vulnerability Database (NVD) maintained by the US National Institute of Standards and Technology provides valuable information about vulnerabilities in popular software, as well as any patches available to address these vulnerabilities. Most enterprise security managers today simply patch the most dangerous vulnerabilities—an adversary can thus easily compromise an enterprise by using less important vulnerabilities to penetrate an enterprise. In this article, we capture the vulnerabilities in an enterprise as a Vulnerability Dependency Graph (VDG) and show that attacks graphs can be expressed in them. We first ask the question: What set of vulnerabilities should an attacker exploit in order to maximize his expected impact? We show that this problem can be solved as an integer linear program. The defender would obviously like to minimize the impact of the worst-case attack mounted by the attacker—but the defender also has an obligation to ensure a high productivity within his enterprise. We propose an algorithm that finds a Pareto-optimal solution for the defender that allows him to simultaneously maximize productivity and minimize the cost of patching products on the enterprise network. We have implemented this framework and show that runtimes of our computations are all within acceptable time bounds even for large VDGs containing 30K edges and that the balance between productivity and impact of attacks is also acceptable.

A Game of Things: Strategic Allocation of Security Resources for IoT

In many Internet of ing (IoT) application domains security is a critical requirement, because malicious parties can undermine the eectiveness of IoT-based systems by compromising single components and/or communication channels. us, a security infrastructure is needed to ensure the proper functioning of such systems even under aack. However, it is also critical that security be at a reasonable resource and energy cost, as many IoT devices may not have sucient resources to host expensive security tools. In this paper, we focus on the problem of eciently and eectively securing IoT networks by carefully allocating security tools. We model our problem according to game theory, and provide a Paretooptimal solution, in which the cost of the security infrastructure, its energy consumption, and the probability of a successful aack, are minimized. Our experimental evaluation shows that our technique improves the system robustness in terms of packet delivery rate for dierent network topologies.

Kalis — A System for Knowledge-Driven Adaptable Intrusion Detection for the Internet of Things

In this paper, we introduce Kalis, a self-adapting, knowledge-driven expert Intrusion Detection System able to detect attacks in real time across a wide range of IoT systems. Kalis does not require changes to existing IoT software, can monitor a wide variety of protocols, has no performance impact on applications on IoT devices, and enables collaborative security scenarios. Kalis is the first comprehensive approach to intrusion detection for IoT that does not target individual protocols or applications, and adapts the detection strategy to the specific network features. Extensive evaluation shows that Kalis is effective and efficient in detecting attacks to IoT systems.

Strategic Security Resource Allocation for Internet of Things

In many Internet of Thing (IoT) application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. In this paper, we focus on the problem of efficiently and effectively securing IoT networks by carefully allocating security tools.

Shortfall-Based Optimal Placement of Security Resources for Mobile IoT Scenarios

We present a method for computing the best provisioning of security resources for Internet of Things (IoT) scenarios characterized by a high degree of mobility. The security infrastructure is specified by a security resource allocation plan computed as the solution of an optimization problem that minimizes the risk of having IoT devices not monitored by any resource. Due the mobile nature of IoT devices, a probabilistic framework for modeling such scenarios is adopted. We adapt the concept of shortfall from economics as a risk measure and show how to compute and evaluate the quality of an allocation plan. The proposed approach fits well with applications such as vehicular networks, mobile ad-hoc networks, smart cities, or any IoT environment characterized by mobile devices that needs a monitoring infrastructure.

The AC-Index: Fast Online Detection of Correlated Alerts

We propose an indexing technique for alert correlation that supports DFA-like patterns with user-defined correlation functions. Our AC-Index supports i the retrieval of the top-k possibly non-contiguous sub-sequences, ranked on the basis of an arbitrary user-provided severity function, ii the concurrent retrieval of sub-sequences that match any pattern in a given set, iii the retrieval of partial occurrences of the patterns, and iv the online processing of streaming logs. The experimental results confirm that, although the supported model is very expressive, the AC-Index is able to guarantee a very high efficiency of the retrieval process.

Malevolent Activity Detection with Hypergraph-Based Models

We propose a hypergraph-based framework for modeling and detecting malevolent activities. The proposed model supports the specification of order-independent sets of action symbols along with temporal and cardinality constraints on the execution of actions. We study and characterize the problems of consistency checking, equivalence, and minimality of hypergraph-based models. In addition, we define and characterize the general activity detection problem, that amounts to finding all subsequences that represent a malevolent activity in a sequence of logged actions. Since the problem is intractable, we also develop an index data structure that allows the security expert to efficiently extract occurrences of activities of interest.

Optimal Placement of Security Resources for the Internet of Things

In many Internet of Thing application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. However, it is also critical that security be at a reasonable resource and/or energy cost. This chapter deals with the problem of efficiently and effectively securing IoT networks by carefully allocating security resources in the network area. The problem is modeled according to game theory, and provide a Pareto-optimal solution, in which the cost of the security infrastructure and the probability of a successful attack are minimized. As in the context of smart urban ecosystems both static and mobile smart city applications can take place, two different formalizations are provided for the two scenarios. For static networks, the optimization problem is modeled as a mixed integer linear program, whereas for mobile scenarios, computational intelligent techniques are adopted for providing a good approximation of the optimal solution.

Shortfall-Based Optimal Security Provisioning for Internet of Things

We present a formal method for computing the bestsecurity provisioning for Internet of Things (IoT) scenarios characterizedby a high degree of mobility. The security infrastructureis intended as a security resource allocation plan, computedas the solution of an optimization problem that minimizes therisk of having IoT devices not monitored by any resource. Weemploy the shortfall as a risk measure, a concept mostly usedin the economics, and adapt it to our scenario. We show how tocompute and evaluate an allocation plan, and how such securitysolutions address the continuous topology changes that affect anIoT environment.