Adaptive agent-based intrusion response

Authors: Udo W. Pooch, Curtis A. Carver

Abstract: A new methodology has been developed for adaptive, automated intrusion response (IR) focusing on the role of software agents in providing that response. The majority of intrusion response systems (IRSs) react to attacks by generating reports or alarms. This introduces a window of vulnerability between when an intrusion is detected and when action is taken to defend against the attack. This window is reduced through an agent-based system that adaptively responds to intrusions. Multiple IDSs monitor a computer system and generate alarms. Interface agents maintain a model of each IDS based on the number of false positives/negatives it has previously generated. The interface agent uses this model to derive an attack confidence metric, which it passes along with the alarm to the Master Analysis agent. The Master Analysis agent classifies whether the incident is a continuation of an existing incident or a new attack. If it is a new attack, it creates a new Analysis agent to develop a plan for handling the attack. The Analysis agent analyzes the incident until it is resolved and generates a course of action to resolve the incident. To generate that course of action, it involves the Response Taxonomy agent to classify the attack and the Policy Specification agent to limit the response according to legal, ethical, institutional, and resource constraints. The Analysis agent then invokes the appropriate components of the Response Toolkit. The Response Toolkit agents employ adaptive decision-making based on the success of previous responses. As decisions are made, the results are displayed at the user interface. This research presents a novel IR methodology that includes: adaptation to intrusive behavior and to the detection mechanism; adaptive responses; and synergistic support for multiple IDSs.
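The agent pipeline the abstract describes, as an added illustrative model that is not the authors' code: the per-IDS confidence formula, the rule for matching an alarm to an open incident, the taxonomy and policy tables, the confidence threshold and the success-rate selection are all assumed simplifications, not values taken from the paper.

```python
from dataclasses import dataclass
# Constructed taxonomy and policy (assumed values, not the paper's): the responses each
# attack class admits, and the ones institutional policy forbids.
RESPONSE_TAXONOMY = {"port_scan": ["log", "block_source"],
                     "brute_force_login": ["log", "lock_account", "block_source"]}
POLICY_FORBIDDEN = {"lock_account"}

@dataclass
class InterfaceAgent:  # wraps one IDS; confidence derived from its alarm history (assumed formula)
    name: str
    true_alarms: int = 0
    false_positives: int = 0
    def confidence(self) -> float:
        total = self.true_alarms + self.false_positives
        return 0.5 if total == 0 else self.true_alarms / total  # unknown IDS starts neutral
    def alarm(self, attack_class: str, target: str) -> dict:
        return {"ids": self.name, "class": attack_class, "target": target,
                "confidence": self.confidence()}

class MasterAnalysisAgent:  # is an alarm a continuation of an open incident, or a new attack?
    def __init__(self):
        self.incidents = []  # each incident: {"class", "target", "alarms"}
    def classify(self, alarm: dict) -> tuple:
        for inc in self.incidents:
            if inc["class"] == alarm["class"] and inc["target"] == alarm["target"]:
                inc["alarms"].append(alarm)
                return inc, False  # continuation: the existing Analysis agent keeps the case
        inc = {"class": alarm["class"], "target": alarm["target"], "alarms": [alarm]}
        self.incidents.append(inc)
        return inc, True  # new attack: a fresh Analysis agent would be created

class ResponseToolkit:  # adaptive choice: best observed success rate, neutral prior when untried
    def __init__(self):
        self.history = {}  # response -> (successes, attempts)
    def record(self, response: str, success: bool) -> None:
        s, n = self.history.get(response, (0, 0))
        self.history[response] = (s + int(success), n + 1)
    def choose(self, candidates: list) -> str:
        def rate(r):
            s, n = self.history.get(r, (1, 2))  # untried -> 0.5 prior
            return s / n
        return max(candidates, key=rate)

def plan_response(incident: dict, toolkit: ResponseToolkit, min_confidence: float = 0.6) -> str:
    # Analysis-agent step: gate on IDS confidence, filter by taxonomy and policy, pick adaptively.
    if max(a["confidence"] for a in incident["alarms"]) < min_confidence:
        return "report_only"  # low-trust source: only report, as a non-adaptive IRS would
    allowed = [r for r in RESPONSE_TAXONOMY[incident["class"]] if r not in POLICY_FORBIDDEN]
    return toolkit.choose(allowed)
```

Feeding the toolkit the outcome of each response via `record` is what makes later choices adapt; a response that keeps failing loses out to one that has not been tried yet.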
