Selecting appropriate counter-measures in an intrusion detection framework

Cuppens, Frédéric; Gombault, Sylvain; Sans, T.

doi:10.1109/csfw.2004.1310733

Cited by 7 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The DIAMS platform, presented in Cuppens et al [8], provides response generation mechanisms for detected attacks. The authors state that not only is intrusion detection important for a safe environment, but also the existence of efficient response mechanisms to deal with the detected intrusions.…”

Section: Related Studiesmentioning

confidence: 99%

Improvements in the model for interoperability of intrusion detection responses compatible with the IDWG model

Silva

Westphall

2006

Int J Network Mgmt

View full text Add to dashboard Cite

SUMMARYThis paper presents a model for response interoperability between intruder detection systems (IDSs), compatible with the model for alert interoperability developed by the Intrusion Detection Working Group (IDWG). Alterations in IDS IDWG architecture are proposed in order to provide for response interoperability support. The development and testing of the proposed model and its components are also presented.

show abstract

Section: Related Studiesmentioning

confidence: 99%

Improvements in the model for interoperability of intrusion detection responses compatible with the IDWG model

Silva

Westphall

2006

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…We assume in this approach that intrusion detection systems and alert correlation techniques allow a clear identification of the threat, including the threat type (typically represented by a set of signatures and references to vulnerability databases), the threat origin (represented in most cases by an IP address), and the threat victim (represented by a host under our control, a process, or any set of components of our information system), as in [6] for example. As shown in [7], it is indeed possible to use configuration information to adapt the detection mechanism to its environment, thus ensuring that contextual information in the alerts is exhaustive and correct.…”

Section: Comprehensive Approach To Threat Responsementioning

confidence: 99%

Enabling automated threat response through the use of a dynamic security policy

et al. 2007

View full text Add to dashboard Cite

Information systems security issues are currently being addressed using different techniques, such as authentication, encryption and access control, through the definition of security policies, but also using monitoring techniques, in particular intrusion detection systems. We can observe that security monitoring is currently totally decorrelated from security policies, that is security requirements are not linked with the means used to control their fulfillment. Most of the time, security operators have to analyze monitoring results and manually react to provide countermeasures to threats compromising the security policy. The response process is far from trivial, since it both relies on the relevance of the threat analysis and on the adequacy of the selected countermeasures. In this paper, we present an approach aiming at connecting monitoring techniques with security policy management in order to provide response to threat. We propose an architecture allowing to dynamically and automatically deploy a generic security policy into concrete policy instances taking into account the threat level characterized thanks to intrusion detection systems. Such an approach provides means to bridge the gap between existing detection approaches and new requirements, which clearly deal with the development of intrusion prevention systems, enabling a better protection of the resources and services.

show abstract

“…A game theoretic approach is presented by Alpcan and Basar [20] who use cooperative game theory for analysis and configuration purposes and, additionally, bring a two-person finite game into play when modeling the interaction between the IDS and the attacker. Next, Cuppens et al [21], [22] present a data-based approach using logical representations of intrusions and countermeasures. Their LAMBDA (Language to Model a database for Detection of Attacks) aims at building libraries of attacks and countermeasures in order to later-on use anti-correlation when searching for a proper combination of responses to a given threat.…”

Section: B Decision Support For Securitymentioning

confidence: 99%

Workshop-based multiobjective security safeguard selection

Neubauer

Stummer

Weippl

2006

First International Conference on Availability, Reliability and Security (ARES'06)

View full text Add to dashboard Cite

Abstract-Companies spend considerable amounts of resources on minimizing security breaches but often neglect efficient security measures and/or are not aware whether their investments are effective. While security safeguards traditionally are evaluated through a single (aggregated) criterion such as the return on investment, this may not suffice any longer as economic and legal requirements force top management to pay more attention to security issues. Thus, there is a demand for decision support tools that assist decision makers in allocating security safeguards with respect to multiple objectives of the involved stakeholders. This paper proposes a tool called MOS 3 T (Multi-Objective Security Safeguard Selection Tool), that integrates ideas from multiobjective decision making in a workshop environment. The stepwise procedure for the assessment and interactive selection of sets of security safeguards improves security awareness of top management while minimizing the resources required for implementing a proper security environment that meets a corporate's needs.

show abstract

Selecting appropriate counter-measures in an intrusion detection framework

Cited by 7 publications

References 10 publications

Improvements in the model for interoperability of intrusion detection responses compatible with the IDWG model

Improvements in the model for interoperability of intrusion detection responses compatible with the IDWG model

Enabling automated threat response through the use of a dynamic security policy

Workshop-based multiobjective security safeguard selection

Contact Info

Product

Resources

About