DocumentCode :
3129226
Title :
Selecting appropriate counter-measures in an intrusion detection framework
Author :
Cuppens, Frédéric ; Gombault, Sylvain ; Sans, Thierry
Author_Institution :
GET-ENST-Bretagne, France
fYear :
2004
fDate :
28-30 June 2004
Firstpage :
78
Lastpage :
87
Abstract :
Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection, called DIAMS, that implements the response mechanisms presented in this paper.
Keywords :
decision support systems; formal specification; security of data; software libraries; software tools; DIAMS; IDMEF; anti-correlation; computer infrastructure; counter-measures; decision support tool; formal method; intrusion circumvention; intrusion detection; software library; Computer crime; Computer security; Conferences; Counting circuits; Distributed computing; Ethics; Intrusion detection; Law; Legal factors; Libraries;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Foundations Workshop, 2004. Proceedings. 17th IEEE
ISSN :
1063-6900
Print_ISBN :
0-7695-2169-X
Type :
conf
DOI :
10.1109/CSFW.2004.1310733
Filename :
1310733