
Advanced Reaction Using Risk Assessment in Intrusion Detection Systems

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5141)

Abstract

Current intrusion detection systems go beyond the detection of attacks and provide reaction mechanisms to stop detected attacks or at least reduce their effect. Previous research has proposed methods to automatically select countermeasures capable of ending a detected attack. In practice, however, countermeasures have side effects of their own and can be as harmful as the attack they are meant to stop. In this paper, we propose to improve the reaction selection process by providing means to quantify the effectiveness of each candidate countermeasure and to select the one that has the least negative side effect on the information system. To achieve this goal, we adopt a risk assessment and analysis approach.
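To make the abstract's argument concrete, the following is an added example (not the paper's own model or code) of selecting a reaction by risk assessment. The scoring is an assumption for illustration only: the attack's risk is likelihood times impact, each candidate countermeasure removes a fraction of that risk (its effectiveness) and introduces a side-effect risk on the services it disrupts, and a candidate whose side effects outweigh the attack risk is rejected because it would be more harmful than the attack itself. The attack, services and countermeasures are constructed sample data.

```python
"""Risk-assessment-driven countermeasure selection (illustrative, not the paper's model).

Assumed scoring model:
  attack risk        = likelihood x impact
  side-effect risk   = sum over disrupted services of P(disruption) x service value
  net benefit        = attack risk x effectiveness - side-effect risk
Candidates whose side-effect risk is at least the attack risk are rejected.
"""
from dataclasses import dataclass


@dataclass
class Attack:
    name: str
    likelihood: float   # probability the attack succeeds if left unanswered, 0..1
    impact: float       # loss if it succeeds (constructed units)

    def risk(self) -> float:
        return self.likelihood * self.impact


@dataclass
class Countermeasure:
    name: str
    effectiveness: float       # fraction of the attack risk this reaction removes, 0..1
    disrupted: dict            # service name -> probability the reaction disrupts it


def side_effect_risk(cm: Countermeasure, service_value: dict) -> float:
    """Risk the countermeasure itself introduces on the information system."""
    return sum(p * service_value.get(svc, 0.0) for svc, p in cm.disrupted.items())


def net_benefit(attack: Attack, cm: Countermeasure, service_value: dict) -> float:
    """Attack risk removed minus the collateral risk of applying the reaction."""
    return attack.risk() * cm.effectiveness - side_effect_risk(cm, service_value)


def select_countermeasure(attack: Attack, candidates: list, service_value: dict):
    """Return (best_name, ranked) where ranked is a list of (name, net_benefit)
    in descending order. Candidates that would be at least as harmful as the
    attack (side-effect risk >= attack risk) are excluded before ranking."""
    admissible = [cm for cm in candidates
                  if side_effect_risk(cm, service_value) < attack.risk()]
    ranked = sorted(((cm.name, net_benefit(attack, cm, service_value)) for cm in admissible),
                    key=lambda item: item[1], reverse=True)
    best = ranked[0][0] if ranked else None
    return best, ranked


# Constructed sample data: value of each service to the organisation.
SERVICE_VALUE = {"web": 50.0, "db": 80.0, "mail": 20.0}

# Constructed sample alert: an injection attempt against the web application.
ATTACK = Attack(name="sql_injection_webapp", likelihood=0.7, impact=100.0)

# Constructed candidate reactions with assumed effectiveness and side effects.
CANDIDATES = [
    Countermeasure("block_source_ip", effectiveness=0.8, disrupted={"web": 0.05}),
    Countermeasure("stop_web_service", effectiveness=1.0, disrupted={"web": 1.0}),
    Countermeasure("shutdown_db", effectiveness=1.0, disrupted={"db": 1.0, "web": 1.0}),
    Countermeasure("no_reaction", effectiveness=0.0, disrupted={}),
]


if __name__ == "__main__":
    best, ranked = select_countermeasure(ATTACK, CANDIDATES, SERVICE_VALUE)
    print(f"attack risk: {ATTACK.risk():.1f}")
    for name, benefit in ranked:
        print(f"  {name:18s} net benefit {benefit:6.1f}")
    print(f"selected: {best}")
```

With these constructed numbers the attack risk is 70. Shutting down the database would remove the attack entirely but carries a side-effect risk of 130, so it is rejected as more harmful than the attack; blocking the source address wins because it removes most of the risk at almost no collateral cost, even though stopping the web service is more effective in isolation.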





Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kanoun, W., Cuppens-Boulahia, N., Cuppens, F., Autrel, F. (2008). Advanced Reaction Using Risk Assessment in Intrusion Detection Systems. In: Lopez, J., Hämmerli, B.M. (eds) Critical Information Infrastructures Security. CRITIS 2007. Lecture Notes in Computer Science, vol 5141. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89173-4_6


  • DOI: https://doi.org/10.1007/978-3-540-89173-4_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89095-9

  • Online ISBN: 978-3-540-89173-4

