反应策略的表达和部署

2008 IEEE International Conference on Signal Image Technology and Internet Based Systems Pub Date : 2008-11-30 DOI:10.1109/SITIS.2008.96

F. Cuppens, N. Cuppens-Boulahia, Y. Bouzida, Wael Kanoun, Aurel Croissant

{"title":"反应策略的表达和部署","authors":"F. Cuppens, N. Cuppens-Boulahia, Y. Bouzida, Wael Kanoun, Aurel Croissant","doi":"10.1109/SITIS.2008.96","DOIUrl":null,"url":null,"abstract":"Current prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed reaction workflow links the lowest level of the information system corresponding to intrusion detection mechanisms,including misuse and anomaly techniques, and access control techniques with the higher level of the security policy. This reaction workflow evaluates the intrusion alerts at three different levels, it then reacts against threats with appropriate counter measures in each level accordingly.","PeriodicalId":202698,"journal":{"name":"2008 IEEE International Conference on Signal Image Technology and Internet Based Systems","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Expression and Deployment of Reaction Policies\",\"authors\":\"F. Cuppens, N. Cuppens-Boulahia, Y. Bouzida, Wael Kanoun, Aurel Croissant\",\"doi\":\"10.1109/SITIS.2008.96\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Current prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed reaction workflow links the lowest level of the information system corresponding to intrusion detection mechanisms,including misuse and anomaly techniques, and access control techniques with the higher level of the security policy. This reaction workflow evaluates the intrusion alerts at three different levels, it then reacts against threats with appropriate counter measures in each level accordingly.\",\"PeriodicalId\":202698,\"journal\":{\"name\":\"2008 IEEE International Conference on Signal Image Technology and Internet Based Systems\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-11-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 IEEE International Conference on Signal Image Technology and Internet Based Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SITIS.2008.96\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE International Conference on Signal Image Technology and Internet Based Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SITIS.2008.96","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

目前的预防技术提供了限制性的反应，可能在有限的信息系统基础设施中采取局部反应。本文介绍了一种更深入、更全面、更有效地响应入侵的方法。该方法不仅考虑了被监控信息系统的威胁和体系结构，而且考虑了安全策略。所提出的反应工作流将信息系统的最低级别与入侵检测机制(包括误用和异常技术)以及访问控制技术相关联，并将其与更高级别的安全策略相关联。此反应工作流在三个不同级别评估入侵警报，然后在每个级别使用相应的对抗措施对威胁做出反应。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Expression and Deployment of Reaction Policies

Current prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed reaction workflow links the lowest level of the information system corresponding to intrusion detection mechanisms,including misuse and anomaly techniques, and access control techniques with the higher level of the security policy. This reaction workflow evaluates the intrusion alerts at three different levels, it then reacts against threats with appropriate counter measures in each level accordingly.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 IEEE International Conference on Signal Image Technology and Internet Based Systems

自引率

0.00%

发文量