Advanced reaction using risk assessment in intrusion detection systems

Current intrusion detection systems go beyond the detection of attacks and provide reaction mechanisms to cope with detected attacks or at least reduce their effect. Previous research works have proposed methods to automatically select possible countermeasures capable of ending the detected attack. But actually, countermeasures have side effects and can be as harmful as the detected attack. In this paper, we propose to improve the reaction selection process by giving means to quantify the effectiveness and select the countermeasure that has the minimum negative side effect on the information system. To achieve this goal, we adopt a risk assessment and analysis approach.

Mots clés

Intrusion detection systems Risk management Attack scenario Countermeasure Potentiality Impact

Domaines

Cryptographie et sécurité [cs.CR] Réseaux et télécommunications [cs.NI]

Fichier principal

Article.pdf (356.66 Ko)

Origine : Fichiers produits par l'(les) auteur(s)

Ex-Bibliothèque Télécom Bretagne (devenu IMT Atlantique) : Connectez-vous pour contacter le contributeur

https://hal.science/hal-00540863

Soumis le : lundi 29 novembre 2010-13:34:01

Dernière modification le : vendredi 24 mars 2023-14:52:53

Archivage à long terme le : vendredi 2 décembre 2016-21:26:29

Dates et versions

hal-00540863 , version 1 (29-11-2010)

Identifiants

HAL Id : hal-00540863 , version 1

Citer

Wael Kanoun, Nora Cuppens-Bouhlahia, Frédéric Cuppens, Fabien Autrel. Advanced reaction using risk assessment in intrusion detection systems. CRITIS'07: 2nd international workshop on Critical Information Infrastructures Security, Oct 2007, Malaga, Spain. ⟨hal-00540863⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

UNIV-BREST INSTITUT-TELECOM CNRS LAB-STICC IMT-ATLANTIQUE

82 Consultations

188 Téléchargements