An ontology-based approach to react to network attacks

Nora Cuppens-Boulahia; Frédéric Cuppens; Jorge E.López De Vergara; Enrique Vázquez; Javier Guerra; Hervé Debar

doi:10.1109/CRISIS.2008.4757461

An ontology-based approach to react to network attacks

Nora Cuppens-Boulahia
, Frédéric Cuppens
, Jorge E.López De Vergara
, Enrique Vázquez
, Javier Guerra
, Hervé Debar

ENST Bretagne
Universidad Autónoma de Madrid
Universidad Politécnica de Madrid
Orange Labs

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.

langue originale	Anglais
titre	Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008
Pages	27-35
Nombre de pages	9
Les DOIs	https://doi.org/10.1109/CRISIS.2008.4757461
état	Publié - 1 déc. 2008
Modification externe	Oui
Evénement	2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008 - Tozeur, Tunisie Durée: 28 oct. 2008 → 30 oct. 2008

Série de publications

Nom	Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008

Une conférence

Une conférence	2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008
Pays/Territoire	Tunisie
La ville	Tozeur
période	28/10/08 → 30/10/08

Accès au document

10.1109/CRISIS.2008.4757461

Contient cette citation

Cuppens-Boulahia, N., Cuppens, F., De Vergara, J. E. L., Vázquez, E., Guerra, J., & Debar, H. (2008). An ontology-based approach to react to network attacks. Dans Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008 (p. 27-35). Article 4757461 (Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008). https://doi.org/10.1109/CRISIS.2008.4757461

@inproceedings{96eef9d88ad348ac9d5d568d3d42264e,

title = "An ontology-based approach to react to network attacks",

abstract = "To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.",

keywords = "Attack reaction, IDMEF, OWL, Ontology, OrBAC, Policy instantiation, SWRL",

author = "Nora Cuppens-Boulahia and Fr{\'e}d{\'e}ric Cuppens and \{De Vergara\}, \{Jorge E.L{\'o}pez\} and Enrique V{\'a}zquez and Javier Guerra and Herv{\'e} Debar",

year = "2008",

month = dec,

day = "1",

doi = "10.1109/CRISIS.2008.4757461",

language = "English",

isbn = "9781424433094",

series = "Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008",

pages = "27--35",

booktitle = "Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008",

note = "2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008 ; Conference date: 28-10-2008 Through 30-10-2008",

}

Cuppens-Boulahia, N, Cuppens, F, De Vergara, JEL, Vázquez, E, Guerra, J & Debar, H 2008, An ontology-based approach to react to network attacks. Dans Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008., 4757461, Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008, p. 27-35, 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008, Tozeur, Tunisie, 28/10/08. https://doi.org/10.1109/CRISIS.2008.4757461

An ontology-based approach to react to network attacks. / Cuppens-Boulahia, Nora; Cuppens, Frédéric; De Vergara, Jorge E.López et al.
Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008. 2008. p. 27-35 4757461 (Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - An ontology-based approach to react to network attacks

AU - Cuppens-Boulahia, Nora

AU - Cuppens, Frédéric

AU - De Vergara, Jorge E.López

AU - Vázquez, Enrique

AU - Guerra, Javier

AU - Debar, Hervé

PY - 2008/12/1

Y1 - 2008/12/1

N2 - To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.

AB - To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.

KW - Attack reaction

KW - IDMEF

KW - OWL

KW - Ontology

KW - OrBAC

KW - Policy instantiation

KW - SWRL

U2 - 10.1109/CRISIS.2008.4757461

DO - 10.1109/CRISIS.2008.4757461

M3 - Conference contribution

AN - SCOPUS:63249101412

SN - 9781424433094

T3 - Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008

SP - 27

EP - 35

BT - Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008

T2 - 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008

Y2 - 28 October 2008 through 30 October 2008

ER -

Cuppens-Boulahia N, Cuppens F, De Vergara JEL, Vázquez E, Guerra J, Debar H. An ontology-based approach to react to network attacks. Dans Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008. 2008. p. 27-35. 4757461. (Proceedings 2008 3rd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008). doi: 10.1109/CRISIS.2008.4757461

An ontology-based approach to react to network attacks

Résumé

Série de publications

Une conférence

Accès au document

Empreinte digitale

Contient cette citation