Title :
Automated planning for incident response based on CBR
Author :
Liu, Ping ; Yu, Haifeng ; Miao, Qing
Author_Institution :
Nat. Key Lab. of Sci. & Technol. on Inf. Syst. Security, Beijing Inst. of Syst. & Eng., Beijing, China
Abstract :
Although new types of network security incidents continue to occur, most security incidents are similar and their response methods have much in common, so CBR (Case-Based Reasoning) technology can be used to describe the successful experience of past incident responses. How to develop a rapid response strategy based on past examples is the key to incident response. Automated planning methods can greatly improve the efficiency and level of decision making. According to the characteristics of incident response, and combining the automatic planning method, CBR technology and ontology technology, a novel approach to obtaining incident response methods is presented.
Keywords :
case-based reasoning; decision making; ontologies (artificial intelligence); planning (artificial intelligence); security of data; automated planning; automatic planning method; case based reasoning technology; decision making; incident response method; network security incidents; ontology technology; Encoding; Grippers; Information security; Ontologies; Planning; Servers; CBR; incident response; information security; network system;
Conference_Title :
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6942-0
DOI :
10.1109/ICITIS.2010.5689586