Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

Authors: Frédéric Cuppens, Fabien Autrel, Yacine Bouzida, Joaquin Garcia, Sylvain Gombault

DOI: 10.1007/BF03219974

Keywords:

Abstract: Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to provide a decision support tool to help the administrator choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation, which is used to determine the counter-measures that can stop an intrusion. Finally, we present a platform that implements the mechanisms presented in this paper.
