
Automated reaction based on risk analysis and attackers skills in intrusion detection systems

Nowadays, intrusion detection systems do not only aim to detect attacks; but they go beyond by providing reaction mechanisms to cope with detected attacks, or at least reduce their effects. Previous research works have proposed several methods to automatically select possible countermeasures capable...

Bibliographic Details
Main Authors: Kanoun, W., Cuppens-Boulahia, N., Cuppens, F., Araujo, J.
Format: Conference Proceeding
Language: English
container_end_page 124
container_start_page 117
creator Kanoun, W.
Cuppens-Boulahia, N.
Cuppens, F.
Araujo, J.
description Nowadays, intrusion detection systems do not only aim to detect attacks; but they go beyond by providing reaction mechanisms to cope with detected attacks, or at least reduce their effects. Previous research works have proposed several methods to automatically select possible countermeasures capable of ending the detected attack, but without taking into account their side effects. In fact, countermeasures can be as harmful as the detected attack. Moreover, sometimes selected countermeasures are not adapted to the attacker's actions and/or knowledge. In this paper, we propose to turn the reaction selection process intelligent by giving means to (i) quantify the effectiveness and select the countermeasure that has the minimum negative side effect on the information system by adopting a risk assessment and analysis approach, and (ii) assess the skill and knowledge level of the attacker from a defensive point of view.
doi_str_mv 10.1109/CRISIS.2008.4757471
format conference_proceeding
identifier ISSN: 2151-4763
ispartof 2008 Third International Conference on Risks and Security of Internet and Systems, 2008, p.117-124
issn 2151-4763
2151-478X
language eng
recordid cdi_ieee_primary_4757471
source IEEE Xplore All Conference Series
subjects attack scenario
Communication system traffic control
Computer Science
countermeasure
Counting circuits
Cryptography and Security
impact
Information analysis
Information systems
Internet
Intrusion detection
Intrusion detection system
Networking and Internet Architecture
potentiality
Risk analysis
Risk management
Security
skill and knowledge
Telecommunications
title Automated reaction based on risk analysis and attackers skills in intrusion detection systems