Abstract
Detecting intrusions efficiently requires a global view of the monitored network. This can only be achieved with an architecture that is able to gather data from all sources. A Security Operation Center (SOC) is dedicated to precisely this task. In this article, we propose our implementation of the SOC concept, which we call SOCBox.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bidou, R., Bourgeois, J., Spies, F. (2004). Towards a Global Security Architecture for Intrusion Detection and Reaction Management. In: Chae, KJ., Yung, M. (eds) Information Security Applications. WISA 2003. Lecture Notes in Computer Science, vol 2908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24591-9_9
DOI: https://doi.org/10.1007/978-3-540-24591-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20827-3
Online ISBN: 978-3-540-24591-9
eBook Packages: Springer Book Archive