Toward a novel classification-based attack detection and response architecture

Attacks on information systems have increased tremendously and have become more diverse and complex. Evolving in an unpredictable manner and having devastating outcomes, the detection and the selection of appropriate countermeasures has become a priority for security analysts. This paper introduces a classification-based Attack Detection system which provides a framework to evaluate, identify, classify and defend against sophisticated attacks. Our approach helps simplify complex rules´ expression and alert handling, thanks to a modular architecture and an intuitive rules defining with a high power of expression language. The proposed system is flexible and takes into account several attack properties in order to simplify attack handling and aggregate defense mechanisms.