Abstract
Cyber-attacks have become more complex and unpredictable, and because of their damaging impact, choosing the appropriate response has become a priority for organisations. This paper introduces an incident response system based on a supervised machine learning model. It offers a framework that processes and enriches alerts in order to classify sophisticated attacks and select a defence against them. Our method helps security analysts handle alerts and apply the most appropriate response mechanisms, thanks to a high-level abstract description of attacks combined with a supervised learning model. The proposed system is flexible and takes several attack properties into account in order to simplify attack handling and aggregate defence mechanisms. The originality of our work is the system's ability to propose a response to an attack that it faces for the first time.
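The pipeline sketched in the abstract (alert, abstracted into attack properties, fed to a supervised model that returns a response class) can be illustrated with a small self-contained classifier. The code below is an added example written for this page; it is not the authors' system, model or data. The property names, value sets, training rows and response labels are constructed assumptions, and the learner is a categorical Naive Bayes with add-one smoothing chosen here because smoothing is what lets the model still rank responses for an attack whose properties were never seen in training, which is the "first time" case the abstract highlights.

```python
"""Added example: recommend a response class for an abstracted alert.

Alert -> abstract attack properties -> supervised model -> response.
The learner, feature set and training data are assumptions for this
illustration, not the paper's own taxonomy, model or evaluation data.
"""
import math
from collections import Counter, defaultdict

# Assumed abstract attack properties (not the paper's taxonomy).
PROPERTIES = ("layer", "vector", "impact", "target_asset", "source")

# Constructed training set: abstracted alerts labelled with the response an
# analyst applied.  Values are illustrative, not taken from any real incident.
TRAINING = [
    (("application", "injection", "data_read", "web_server", "external"), "virtual_patch"),
    (("application", "injection", "data_write", "web_server", "external"), "virtual_patch"),
    (("application", "injection", "data_read", "database", "internal"), "virtual_patch"),
    (("network", "scan", "recon", "web_server", "external"), "monitor_only"),
    (("network", "scan", "recon", "database", "internal"), "monitor_only"),
    (("network", "dos", "availability", "web_server", "external"), "rate_limit"),
    (("network", "dos", "availability", "dns", "external"), "rate_limit"),
    (("host", "malware", "privilege_escalation", "workstation", "internal"), "isolate_host"),
    (("host", "malware", "data_write", "workstation", "internal"), "isolate_host"),
    (("application", "brute_force", "credential_access", "web_server", "external"), "block_source_ip"),
    (("application", "brute_force", "credential_access", "vpn", "external"), "block_source_ip"),
]


class CategoricalNB:
    """Naive Bayes over categorical properties with Laplace (add-one) smoothing.

    Smoothing gives a never-seen property value a small non-zero likelihood
    instead of zeroing out every class, so a new attack still gets a ranking.
    """

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()                 # label -> number of rows
        self.value_counts = defaultdict(Counter)      # (label, property) -> Counter(value)
        self.vocab = defaultdict(set)                 # property -> values seen in training

    def fit(self, samples):
        for features, label in samples:
            self.class_counts[label] += 1
            for name, value in zip(PROPERTIES, features):
                self.value_counts[(label, name)][value] += 1
                self.vocab[name].add(value)
        return self

    def posteriors(self, features):
        """Return a dict label -> posterior probability for one abstracted alert."""
        total = sum(self.class_counts.values())
        log_scores = {}
        for label, n_c in self.class_counts.items():
            score = math.log(n_c / total)             # class prior
            for name, value in zip(PROPERTIES, features):
                count = self.value_counts[(label, name)][value]   # 0 for unseen values
                denom = n_c + self.alpha * len(self.vocab[name])
                score += math.log((count + self.alpha) / denom)
            log_scores[label] = score
        # Normalise in log space to avoid underflow with many properties.
        m = max(log_scores.values())
        z = sum(math.exp(s - m) for s in log_scores.values())
        return {label: math.exp(s - m) / z for label, s in log_scores.items()}

    def unseen_values(self, features):
        """Names of properties whose value never occurred in training."""
        return [name for name, value in zip(PROPERTIES, features)
                if value not in self.vocab[name]]


MODEL = CategoricalNB().fit(TRAINING)


def recommend(features):
    """Recommend a response for an abstracted alert.

    Returns (response, confidence, unseen_properties).  A non-empty
    unseen_properties list tells the analyst the attack is partly novel and
    the recommendation rests on the properties that were recognised.
    """
    post = MODEL.posteriors(features)
    best = max(post, key=post.get)
    return best, post[best], MODEL.unseen_values(features)


if __name__ == "__main__":
    # An injection against an asset type the model has never seen (api_gateway).
    novel = ("application", "injection", "data_read", "api_gateway", "external")
    print(recommend(novel))
```

Running the block prints the recommended response for a constructed injection alert against an asset type absent from the training data, together with the model's confidence and the list of properties it did not recognise; the analyst can use that list to decide whether the recommendation deserves manual review before any automated defence is applied.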
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Souissi, S., Serhrouchni, A., Sliman, L., Charroux, B. (2017). Security Incident Response: Towards a Novel Decision-Making System. In: Madureira, A., Abraham, A., Gamboa, D., Novais, P. (eds) Intelligent Systems Design and Applications. ISDA 2016. Advances in Intelligent Systems and Computing, vol 557. Springer, Cham. https://doi.org/10.1007/978-3-319-53480-0_66
DOI: https://doi.org/10.1007/978-3-319-53480-0_66
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-53479-4
Online ISBN: 978-3-319-53480-0
eBook Packages: Engineering (R0)