Automated reaction based on risk analysis and attackers skills in intrusion detection systems

Nowadays, intrusion detection systems do not only aim to detect attacks; but they go beyond by providing reaction mechanisms to cope with detected attacks, or at least reduce their effects. Previous research works have proposed several methods to automatically select possible countermeasures capable...

Full description

Saved in:
Bibliographic Details
Main Authors: Kanoun, W., Cuppens-Boulahia, N., Cuppens, F., Araujo, J.
Format: Conference Proceeding
Language:English
Subjects:
attack scenario
Communication system traffic control
Computer Science
countermeasure
Counting circuits
Cryptography and Security
impact
Information analysis
Information systems
Internet
Intrusion detection
Intrusion detection system
Networking and Internet Architecture
potentiality
Risk analysis
Risk management
Security
skill and knowledge
Telecommunications
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Nowadays, intrusion detection systems do not only aim to detect attacks; but they go beyond by providing reaction mechanisms to cope with detected attacks, or at least reduce their effects. Previous research works have proposed several methods to automatically select possible countermeasures capable of ending the detected attack, but without taking into account their side effects. In fact, countermeasures can be as harmful as the detected attack. Moreover, sometimes selected countermeasures are not adapted to the attackerpsilas actions and/or knowledge. In this paper, we propose to turn the reaction selection process intelligent by giving means to (i) quantify the effectiveness and select the countermeasure that has the minimum negative side effect on the information system by adopting a risk assessment and analysis approach, and (ii) assess the skill and knowledge level of the attacker from a defensive point of view.
ISSN:2151-4763
2151-478X
DOI:10.1109/CRISIS.2008.4757471