An ontology-based approach to react to network attacks Online publication date: Mon, 18-Jan-2010
by Nora Cuppens-Boulahia, Frederic Cuppens, Fabien Autrel, Herve Debar
International Journal of Information and Computer Security (IJICS), Vol. 3, No. 3/4, 2009
Abstract: Intrusion detection requirements enforced by Intrusions Detection Systems (IDSs) are generally considered independently from the remainder of the security policy. Our approach is to consider that intrusion detection requirements are actually a part of the access control policy. This provides means to formally specify in a reaction policy what should happen in case of intrusion. It is then possible to integrate these requirements into a deploying process in order to automatically configure security components. In this paper, we propose a contextual and ontology-based approach to express and instantiate this reaction policy. We then define a reaction process based on the concepts of dynamic threat organisation and threat contexts and a set of rules used to map alerts onto threat contexts to perform the instantiation of the policy-based reaction in response to the detected intrusion.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com