Expression and Deployment of Reaction Policies

Authors: Frédéric Cuppens, Nora Cuppens-Boulahia, Yacine Bouzida, Wael Kanoun, Aurélien Croissant

DOI: 10.1109/SITIS.2008.96

Abstract: Current prevention techniques provide restrictive responses that may take a local reaction in limited information system infrastructure. In this paper, an in-depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This considers not only the threat architecture of monitored system, but also security policy. The proposed workflow links lowest level corresponding intrusion detection mechanisms, including misuse anomaly techniques, access control with higher evaluates alerts at three different levels, it then reacts against threats appropriate counter measures each accordingly.

References (19)
Giovanni Vigna, Richard A. Kemmerer. NetSTAT: a network-based intrusion detection system. Journal of Computer Security, vol. 7, pp. 37-71 (1999). DOI: 10.3233/JCS-1999-7103
Wael Kanoun, Nora Cuppens-Boulahia, Frédéric Cuppens, Fabien Autrel. Advanced Reaction Using Risk Assessment in Intrusion Detection Systems. Critical Information Infrastructures Security, pp. 58-70 (2008). DOI: 10.1007/978-3-540-89173-4_6
Frédéric Cuppens, Rodolphe Ortalo. LAMBDA: A Language to Model a Database for Detection of Attacks. Recent Advances in Intrusion Detection, pp. 197-216 (2000). DOI: 10.1007/3-540-39945-3_13
Wenke Lee, Wei Fan, Matthew Miller, Salvatore J. Stolfo, Erez Zadok. Toward cost-sensitive modeling for intrusion detection and response. Journal of Computer Security, vol. 10, pp. 5-22 (2002). DOI: 10.3233/JCS-2002-101-202
F. Cuppens, N. Cuppens-Boulahia, T. Sans. Nomad: a security model with non atomic actions and deadlines. IEEE Computer Security Foundations Symposium, pp. 186-196 (2005). DOI: 10.1109/CSFW.2005.20
Frédéric Cuppens, Nora Cuppens-Boulahia, Meriam Ben Ghorbel. High Level Conflict Management Strategies in Advanced Access Control Models. Electronic Notes in Theoretical Computer Science, vol. 186, pp. 3-26 (2007). DOI: 10.1016/J.ENTCS.2007.01.064
T. Toth, C. Kruegel. Evaluating the impact of automated intrusion response mechanisms. 18th Annual Computer Security Applications Conference, 2002. Proceedings, pp. 301-310 (2002). DOI: 10.1109/CSAC.2002.1176302
Hervé Debar, Yohann Thomas, Frédéric Cuppens, Nora Cuppens-Boulahia. Enabling automated threat response through the use of a dynamic security policy. Journal in Computer Virology, vol. 3, pp. 195-210 (2007). DOI: 10.1007/S11416-007-0039-Z
H. Sengar, D. Wijesekera, Haining Wang, S. Jajodia. VoIP Intrusion Detection Through Interacting Protocol State Machines. Dependable Systems and Networks, pp. 393-402 (2006). DOI: 10.1109/DSN.2006.73
Frédéric Cuppens, Fabien Autrel, Yacine Bouzida, Joaquin Garcia, Sylvain Gombault, Thierry Sans. Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework. Annales Des Télécommunications, vol. 61, pp. 197-217 (2006). DOI: 10.1007/BF03219974