On Media-Based Modulation Using RF Mirrors

Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a pla!form of intrusion detection that implements the response mechanisms presented in this paper. R~sum~Etant donn6 que les systbmes informatiques sont de plus en plus vuln6rables aux activit(s malveillantes, l' utilisation de la d6tection d'intrusion est n(cessaire mais ne suffit pas. Nous devons (laborer des m6thodes efficaces de r(action aux intrusions afin d'arr~ter les intrusions d(tect~es. Notre approche est bas6e sur une biblioth~que de diff(rents types de contremesures. L'objectif est d'aider l'administrateur & choisir dans cette bibliothkque la contre-mesure la mieux adapt~e quand une intrusion est d(tect~e. Pour ce faire nous d~finis-sons formellement la notion d'anti-corr6lation qui est utilis6e pour s6lectionner les contremesures permettant d'arr6ter l'intrusion. Nous finissons par la presentation d'une plateforme de d(tection d'intrusion mettant en ~euvre les m(canismes pr(sent6s dans cet article. Mots cl6s : S6curit~ informatique, D6tecteur intrus, Protection information. Corr61ation, Mod~lisation, ModUle logique.

show abstract

Decentralized Publish-Subscribe System to Prevent Coordinated Attacks via Alert Correlation

García

Autrel

Borrell

et al. 2004

View full text Add to dashboard Cite

We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third party networks. By means of a cooperative scheme based on message passing, the different nodes of this system will collaborate to detect its participation on a coordinated attack and will react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems will demonstrate the practicability of the system.

show abstract

Advanced Reaction Using Risk Assessment in Intrusion Detection Systems

Kanoun

Cuppens-Boulahia

Cuppens

et al. 2008

View full text Add to dashboard Cite

Current intrusion detection systems go beyond the detection of attacks and provide reaction mechanisms to cope with detected attacks or at least reduce their effect. Previous research works have proposed methods to automatically select possible countermeasures capable of ending the detected attack. But actually, countermeasures have side effects and can be as harmful as the detected attack. In this paper, we propose to improve the reaction selection process by giving means to quantify the effectiveness and select the countermeasure that has the minimum negative side effect on the information system. To achieve this goal, we adopt a risk assessment and analysis approach.

show abstract

Metric for Security Activities Assisted by Argumentative Logic

Bouyahia

Idrees

Cuppens-Boulahia

et al. 2015

View full text Add to dashboard Cite

Abstract. Recent security concerns related to future embedded systems make enforcement of security requirements one of the most critical phases when designing such systems. This paper introduces an approach for efficient enforcement of security requirements based on argumentative logic, especially reasoning about activation or deactivation of different security mechanisms under certain functional and non-functional requirements. In this paper, the argumentative logic is used to reason about the rationale behind dynamic enforcement of security policies.

show abstract

Enhanced Correlation in an Intrusion Detection Process

Benferhat

Autrel

Cuppens

2003

View full text Add to dashboard Cite

Reaction Policy Model Based on Dynamic Organizations and Threat Context

Autrel

Cuppens-Boulahia

Cuppens

2009

View full text Add to dashboard Cite

Using Requirements Engineering in an Automatic Security Policy Derivation Process

Graa

Cuppens-Boulahia²,

Autrel³

et al. 2012

View full text Add to dashboard Cite

The Evolution of Federated Learning-Based Intrusion Detection and Mitigation: A Survey

Lavaur

Pahl

Busnel

et al. 2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

In 2016, Google introduced the concept of Federated Learning (FL), enabling collaborative Machine Learning (ML). FL does not share local data but ML models, offering applications in diverse domains. This paper focuses on the application of FL to Intrusion Detection Systems (IDSs). There, common criteria to compare existing solutions are missing. In particular, this survey shows: (i) how FL-based IDSs are used in different domains; (ii) what differences exist between architectures; (iii) the state of the art of FL-based IDS. With a structured literature survey, this work identifies the relevant state of the art in FL-based intrusion detection from its creation in 2016 until 2021. It provides a reference architecture and a taxonomy to serve as guidelines to compare and design FLbased IDSs. Both are validated with the existing works. Finally, it identifies research directions for the application of FL to intrusion detection systems.

show abstract

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Fabien Autrel

Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

Decentralized Publish-Subscribe System to Prevent Coordinated Attacks via Alert Correlation

Advanced Reaction Using Risk Assessment in Intrusion Detection Systems

Metric for Security Activities Assisted by Argumentative Logic

Enhanced Correlation in an Intrusion Detection Process

Reaction Policy Model Based on Dynamic Organizations and Threat Context

Using Requirements Engineering in an Automatic Security Policy Derivation Process

The Evolution of Federated Learning-Based Intrusion Detection and Mitigation: A Survey

Contact Info

Product

Resources

About