Expanding topological vulnerability analysis to intrusion detection through the incident response intelligence system

Cited by: 3
Authors
Patsos D. [1]
Mitropoulos S. [1]
Douligeris C. [1]
Affiliations
[1] Department of Informatics, University of Piraeus, Piraeus
Source
Information Management and Computer Security | 2010 / Vol. 18 / No. 4
Keywords
Computer crime; Data security; Risk management
DOI
10.1108/09685221011079207
Abstract
Purpose: The paper examines the automation of the incident response (IR) process through formal, systematic and standardized methods for the collection, normalization and correlation of security data (i.e. vulnerability, exploit and intrusion detection information). Design/methodology/approach: The paper proposes the incident response intelligence system (IRIS), which models the context of discovered vulnerabilities, calculates their significance, finds and analyzes potential exploit code, and defines the intrusion detection signatures needed to counter the corresponding attacks, using standardized techniques. It presents the IRIS architecture and operations as well as implementation issues. Findings: The paper presents detailed evaluation results obtained from real-world application scenarios, including a survey of users' experience, to highlight the contribution of IRIS to the area of IR. Originality/value: The paper introduces IRIS, a system that provides detailed security information throughout the lifecycle of a security incident, supports decision making by presenting possible attack and response paths, and determines the significance and magnitude of an attack with a standardized method. © Emerald Group Publishing Limited 0968-5227.
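The abstract describes correlating normalized vulnerability, exploit and intrusion detection data, scoring significance, and deriving attack paths and the signatures that cover them. The following is an added illustrative example of that kind of correlation; it is not IRIS code and not taken from the paper. The vulnerability records, CPE-style platform names, host inventory, reachability graph, the exploit-availability weighting and the signature identifiers are all constructed for the example.

```python
"""Correlating vulnerability, exploit and IDS data along attack paths.
Added example, not the IRIS implementation.  All data below is constructed."""
from typing import Dict, List

# Constructed vulnerability records already normalised to one shape:
# platform as a CPE-style name, CVSS base score, whether public exploit
# code was found, and the IDS signature that detects exploitation (if any).
VULNS: Dict[str, dict] = {
    "VULN-A": {"cpe": "cpe:/a:vendor:webapp:1.0", "cvss": 7.5,
               "exploit_public": True, "signature": "SIG-1001"},
    "VULN-B": {"cpe": "cpe:/a:vendor:db:5.1", "cvss": 9.0,
               "exploit_public": False, "signature": None},
    "VULN-C": {"cpe": "cpe:/o:vendor:os:2.0", "cvss": 4.3,
               "exploit_public": True, "signature": "SIG-1003"},
}

# Constructed asset inventory: platforms installed on each host.
HOSTS: Dict[str, List[str]] = {
    "web":   ["cpe:/a:vendor:webapp:1.0", "cpe:/o:vendor:os:3.0"],
    "db":    ["cpe:/a:vendor:db:5.1", "cpe:/o:vendor:os:3.0"],
    "admin": ["cpe:/o:vendor:os:2.0"],
}

# Constructed reachability: which hosts can open connections to which.
REACH: Dict[str, List[str]] = {
    "internet": ["web"],
    "web": ["db", "admin"],
    "db": ["admin"],
    "admin": [],
}

# Assumed weighting (not the paper's): a vulnerability with no known public
# exploit counts for half of its CVSS-derived significance.
EXPLOIT_WEIGHT = {True: 1.0, False: 0.5}


def host_vulns(host, hosts=HOSTS, vulns=VULNS):
    """Vulnerability IDs whose platform name matches something on the host."""
    installed = set(hosts.get(host, []))
    return sorted(v for v, rec in vulns.items() if rec["cpe"] in installed)


def significance(vid, vulns=VULNS):
    """CVSS score scaled to [0, 1], discounted when no public exploit exists."""
    rec = vulns[vid]
    return rec["cvss"] / 10.0 * EXPLOIT_WEIGHT[rec["exploit_public"]]


def hop_score(host, hosts=HOSTS, vulns=VULNS):
    """Most significant vulnerability on a host, or 0.0 if it has none."""
    return max((significance(v, vulns) for v in host_vulns(host, hosts, vulns)),
               default=0.0)


def attack_paths(start="internet", reach=REACH, hosts=HOSTS, vulns=VULNS):
    """Maximal simple paths from start where every hop lands on a host with
    at least one matched vulnerability (monotonic attacker: a compromised
    host stays compromised, so revisiting never helps)."""
    paths = []

    def walk(node, path):
        extended = False
        for nxt in reach.get(node, []):
            if nxt in path or not host_vulns(nxt, hosts, vulns):
                continue
            extended = True
            walk(nxt, path + [nxt])
        if not extended and len(path) > 1:
            paths.append(path)

    walk(start, [start])
    return paths


def path_score(path, hosts=HOSTS, vulns=VULNS):
    """Product of hop scores: every hop after the start has to succeed."""
    score = 1.0
    for host in path[1:]:
        score *= hop_score(host, hosts, vulns)
    return score


def rank_paths(start="internet", reach=REACH, hosts=HOSTS, vulns=VULNS):
    """Attack paths ordered from most to least significant."""
    paths = attack_paths(start, reach, hosts, vulns)
    return sorted(paths, key=lambda p: path_score(p, hosts, vulns), reverse=True)


def signatures_for_path(path, hosts=HOSTS, vulns=VULNS):
    """Signatures to enable along a path, and vulnerabilities no signature covers."""
    deploy, uncovered = [], []
    for host in path[1:]:
        for v in host_vulns(host, hosts, vulns):
            sig = vulns[v]["signature"]
            (deploy if sig else uncovered).append(sig or v)
    return {"deploy": deploy, "uncovered": uncovered}


if __name__ == "__main__":
    for p in rank_paths():
        print(" -> ".join(p), round(path_score(p), 3), signatures_for_path(p))
```

The interesting output is the `uncovered` list: a high-CVSS vulnerability on the path with no signature and no public exploit (VULN-B here) is exactly the case where a response plan needs a compensating control or a custom signature rather than a tuned alert.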
Pages: 291-309
Page count: 18