Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework |
| |
Authors: | Frédéric Cuppens Fabien Autrel Yacine Bouzida Joaquin Garcia Sylvain Gombault Thierry Sans |
| |
Affiliation: | 1. GET-ENST Bretagne, 2, rue de la Chataigneraie, CS 17607, 35576, Cesson Sévigné Cedex, France 2. UAB-DEIC, Edifici Q, 08193, Bellaterra, Spain
|
| |
Abstract: | Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection that implements the response mechanisms presented in this paper. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|