Abstract | ||
---|---|---|
Intrusion detection requirements enforced by Intrusions Detection Systems (IDSs) are generally considered independently from the remainder of the security policy. Our approach is to consider that intrusion detection requirements are actually a part of the access control policy. This provides means to formally specify in a reaction policy what should happen in case of intrusion. It is then possible to integrate these requirements into a deploying process in order to automatically configure security components. In this paper, we propose a contextual and ontology-based approach to express and instantiate this reaction policy. We then define a reaction process based on the concepts of dynamic threat organisation and threat contexts and a set of rules used to map alerts onto threat contexts to perform the instantiation of the policy-based reaction in response to the detected intrusion. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1504/IJICS.2009.031041 | International Journal of Information and Computer Security |
Keywords | DocType | Volume |
ontology-based approach,policy-based reaction,configure security component,deploying process,network attack,intrusion detection requirement,threat context,reaction policy,access control policy,security policy,dynamic threat organisation,reaction process,inference rule,inference rules,ontology,internet,quality of service,owl,organizations,service provider,ontologies,security,engines | Journal | 3 |
Issue | ISBN | Citations |
3/4 | 978-1-4244-3309-4 | 7 |
PageRank | References | Authors |
0.64 | 19 | 8 |
Name | Order | Citations | PageRank |
---|---|---|---|
Nora Cuppens-Boulahia | 1 | 1043 | 91.60 |
Frederic Cuppens | 2 | 182 | 14.57 |
Jorge E. López de Vergara | 3 | 187 | 26.98 |
Enrique Vázquez | 4 | 7 | 0.64 |
Javier Guerra | 5 | 8 | 1.02 |
Herve Debar | 6 | 197 | 27.28 |
Cuppens-Boulahia, N. | 7 | 7 | 0.64 |
de Vergara, J.E.L. | 8 | 10 | 1.74 |