An ontology-based approach to react to network attacks

Nora Cuppens-Boulahia; Frédéric Cuppens; Jorge E.López De Vergara; Enrique Vázquez; Javier Guerra; Hervé Debar

doi:10.1109/CRISIS.2008.4757461

An ontology-based approach to react to network attacks

Nora Cuppens-Boulahia, Frédéric Cuppens, Jorge E.López De Vergara, Enrique Vázquez, Javier Guerra, Hervé Debar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.

Original language	English
Title of host publication	Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008
Pages	27-35
Number of pages	9
DOIs	https://doi.org/10.1109/CRISIS.2008.4757461
Publication status	Published - 1 Dec 2008
Externally published	Yes
Event	2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008 - Tozeur, Tunisia Duration: 28 Oct 2008 → 30 Oct 2008

Publication series

Name	Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008

Conference

Conference	2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008
Country/Territory	Tunisia
City	Tozeur
Period	28/10/08 → 30/10/08

Keywords

Attack reaction
IDMEF
OWL
Ontology
OrBAC
Policy instantiation
SWRL

Access to Document

10.1109/CRISIS.2008.4757461

Cite this

Cuppens-Boulahia, N., Cuppens, F., De Vergara, J. E. L., Vázquez, E., Guerra, J., & Debar, H. (2008). An ontology-based approach to react to network attacks. In Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008 (pp. 27-35). Article 4757461 (Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008). https://doi.org/10.1109/CRISIS.2008.4757461

@inproceedings{96eef9d88ad348ac9d5d568d3d42264e,

title = "An ontology-based approach to react to network attacks",

abstract = "To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.",

keywords = "Attack reaction, IDMEF, OWL, Ontology, OrBAC, Policy instantiation, SWRL",

author = "Nora Cuppens-Boulahia and Fr{\'e}d{\'e}ric Cuppens and \{De Vergara\}, \{Jorge E.L{\'o}pez\} and Enrique V{\'a}zquez and Javier Guerra and Herv{\'e} Debar",

year = "2008",

month = dec,

day = "1",

doi = "10.1109/CRISIS.2008.4757461",

language = "English",

isbn = "9781424433094",

series = "Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008",

pages = "27--35",

booktitle = "Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008",

note = "2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008 ; Conference date: 28-10-2008 Through 30-10-2008",

}

Cuppens-Boulahia, N, Cuppens, F, De Vergara, JEL, Vázquez, E, Guerra, J & Debar, H 2008, An ontology-based approach to react to network attacks. in Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008., 4757461, Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008, pp. 27-35, 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008, Tozeur, Tunisia, 28/10/08. https://doi.org/10.1109/CRISIS.2008.4757461

An ontology-based approach to react to network attacks. / Cuppens-Boulahia, Nora; Cuppens, Frédéric; De Vergara, Jorge E.López et al.
Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008. 2008. p. 27-35 4757461 (Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An ontology-based approach to react to network attacks

AU - Cuppens-Boulahia, Nora

AU - Cuppens, Frédéric

AU - De Vergara, Jorge E.López

AU - Vázquez, Enrique

AU - Guerra, Javier

AU - Debar, Hervé

PY - 2008/12/1

Y1 - 2008/12/1

N2 - To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.

AB - To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.

KW - Attack reaction

KW - IDMEF

KW - OWL

KW - Ontology

KW - OrBAC

KW - Policy instantiation

KW - SWRL

U2 - 10.1109/CRISIS.2008.4757461

DO - 10.1109/CRISIS.2008.4757461

M3 - Conference contribution

AN - SCOPUS:63249101412

SN - 9781424433094

T3 - Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008

SP - 27

EP - 35

BT - Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008

T2 - 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008

Y2 - 28 October 2008 through 30 October 2008

ER -

Cuppens-Boulahia N, Cuppens F, De Vergara JEL, Vázquez E, Guerra J, Debar H. An ontology-based approach to react to network attacks. In Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008. 2008. p. 27-35. 4757461. (Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008). doi: 10.1109/CRISIS.2008.4757461

An ontology-based approach to react to network attacks

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this