Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

Frédéric Cuppens; Fabien Autrel; Yacine Bouzida; Joaquin Garcia; Sylvain Gombault; Thierry Sans

doi:10.1007/BF03219974

Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

Frédéric Cuppens
, Fabien Autrel
, Yacine Bouzida
, Joaquin Garcia
, Sylvain Gombault
, Thierry Sans

Research output: Contribution to journal › Article › peer-review

Abstract

Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection that implements the response mechanisms presented in this paper.

Original language	English
Pages (from-to)	197-217
Number of pages	21
Journal	Annales des Telecommunications/Annals of Telecommunications
Volume	61
Issue number	1-2
DOIs	https://doi.org/10.1007/BF03219974
Publication status	Published - 1 Jan 2006
Externally published	Yes

Keywords

Computer security
Correlation
Information protection
Intruder detector
Logic model
Modelling

Access to Document

10.1007/BF03219974

Cite this

@article{885711077c0241f1840ac9623964109c,

title = "Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework",

abstract = "Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection that implements the response mechanisms presented in this paper.",

keywords = "Computer security, Correlation, Information protection, Intruder detector, Logic model, Modelling",

author = "Fr{\'e}d{\'e}ric Cuppens and Fabien Autrel and Yacine Bouzida and Joaquin Garcia and Sylvain Gombault and Thierry Sans",

year = "2006",

month = jan,

day = "1",

doi = "10.1007/BF03219974",

language = "English",

volume = "61",

pages = "197--217",

journal = "Annales des Telecommunications/Annals of Telecommunications",

issn = "0003-4347",

number = "1-2",

}

TY - JOUR

T1 - Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

AU - Cuppens, Frédéric

AU - Autrel, Fabien

AU - Bouzida, Yacine

AU - Garcia, Joaquin

AU - Gombault, Sylvain

AU - Sans, Thierry

PY - 2006/1/1

Y1 - 2006/1/1

N2 - Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection that implements the response mechanisms presented in this paper.

AB - Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection that implements the response mechanisms presented in this paper.

KW - Computer security

KW - Correlation

KW - Information protection

KW - Intruder detector

KW - Logic model

KW - Modelling

UR - https://www.scopus.com/pages/publications/33645799476

U2 - 10.1007/BF03219974

DO - 10.1007/BF03219974

M3 - Article

AN - SCOPUS:33645799476

SN - 0003-4347

VL - 61

SP - 197

EP - 217

JO - Annales des Telecommunications/Annals of Telecommunications

JF - Annales des Telecommunications/Annals of Telecommunications

IS - 1-2

ER -

Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this