Selecting Appropriate Counter-Measures in an Intrusion Detection Framework

Abstract

Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection, called DIAMS, that implements the response mechanisms presented in this paper.

Document Details

Document Type: Technical Report
Publication Date: Apr 20, 2004
Accession Number: ADA457091

Entities

People

  • F. Cuppens
  • S. Combault
  • T. Sans

Organizations

  • Télécom Paris

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Anomaly Detection
  • Change Detection
  • Classification
  • Computer Science
  • Computers
  • Databases
  • Denial Of Service Attack
  • Detection
  • Information Operations
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Language
  • Operating Systems
  • Sequences
  • Taxonomy

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications