Intrusion Response Systems for the 5G Networks and Beyond : A New Joint Security-vs-QoS Optimization Approach

Bozorgchenani, Arash and Zarakovitis, Charilaos C. and Chien, Su Fong and Ni, Qiang and Gouglidis, Antonios and Mallouli, Wissam and Lim, Heng Siong (2024) Intrusion Response Systems for the 5G Networks and Beyond : A New Joint Security-vs-QoS Optimization Approach. IEEE Transactions on Network Science and Engineering. pp. 1-14. ISSN 2327-4697

Text (Author accepted final version) - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Download (0B)

Text (Author accepted final version) - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Download (0B)

Text (Author accepted final version)
Author_accepted_final_version.pdf - Accepted Version
Available under License Creative Commons Attribution.
Download (841kB)

Abstract

Network connectivity exposes the network infrastructure and assets to vulnerabilities that attackers can exploit. Protecting network assets against attacks requires the application of security countermeasures. Nevertheless, employing countermeasures incurs costs, such as monetary costs, along with time and energy to prepare and deploy the countermeasures. Thus, an Intrusion Response System (IRS) shall consider security and QoS costs when dynamically selecting the countermeasures to address the detected attacks. This has motivated us to formulate a joint Security-vs-QoS optimization problem to select the best countermeasures in an IRS. The problem is then transformed into a matching game-theoretical model. Considering the monetary costs and attack coverage constraints, we first derive the theoretical upper bound for the problem and later propose stable matching-based solutions to address the trade-off. The performance of the proposed solution, considering different settings, is validated over a series of simulations.