Title :
IRSS: Incident Response Support System
Author :
Capuzzi, Gianluca ; Spalazzi, Luca ; Pagliarecci, Francesco
Author_Institution :
Universita Politecnica delle Marche, Italy
Abstract :
Computer and network security can be improved by three kinds of tools: tools for intrusion prevention, tools for intrusion detection, and tools for incident response. Several systems have been proposed and developed for the first two kinds. Concerning the third, as far as we know, the response is still left to the system administrator: no automatic tools have been developed. Indeed, even though forensic analysis and data recovery tools exist, there is not yet a comprehensive tool that includes log correlation, attack classification, and response plan generation. This paper presents IRSS, an Incident Response Support System that correlates events in order to classify attacks, searches a knowledge base for past attacks similar to the current one (according to given similarity metrics), and reuses the past responses (adapted to the current attack) in order to restore normal conditions and improve network security.
Keywords :
Alert Correlation; Framework for Security; Incident; Intrusion and Attack detection; Response; Computer networks; Computer security; Data analysis; Event detection; Feedback; Floods; Forensics; Information security; Intrusion detection; Operating systems
Conference_Titel :
Collaborative Technologies and Systems, 2006. CTS 2006. International Symposium on
Print_ISBN :
0-9785699-0-3
DOI :
10.1109/CTS.2006.55