Towards a Temporal Response Taxonomy

  • Conference paper
Data Privacy Management and Autonomous Spontaneous Security (DPM 2012, SETOP 2012)

Abstract

Response systems play a growing role in modern security architectures. In order to select the most effective countermeasure, they adopt a dynamic and situation-aware approach. However, today’s response systems are limited to the selection procedure. In other words, the follow-up and the deactivation phases are still performed manually. Consequently, existing response taxonomies failed to provide an appropriate set of requirements that covers the deactivation feature. In this paper, we tackle this issue by proposing a formal temporal taxonomy for response measures. Furthermore, we present an application of our work in the context of simultaneous attacks. This work provides a first step towards the deactivation and the transactional management of response measures.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kanoun, W., Samarji, L., Cuppens-Boulahia, N., Dubus, S., Cuppens, F. (2013). Towards a Temporal Response Taxonomy. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2012 2012. Lecture Notes in Computer Science, vol 7731. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35890-6_23

  • DOI: https://doi.org/10.1007/978-3-642-35890-6_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35889-0

  • Online ISBN: 978-3-642-35890-6

  • eBook Packages: Computer Science, Computer Science (R0)
