IRSS: Incident Response Support System

Detailed description

Bibliographic details
Main authors: Capuzzi, G., Spalazzi, L., Pagliarecci, F.
Format: Conference paper
Language: eng
Description
Abstract: Computer and network security can be improved by three kinds of tools: tools for intrusion prevention, tools for intrusion detection, and tools for incident response. Several systems have been proposed and developed for the first two kinds of tools. Concerning the third, as far as we know, the response is still left to the system administrator: no automatic tools have been developed. Indeed, even though forensic analysis and data recovery tools exist, we do not yet have a comprehensive tool that includes log correlation, attack classification, and response plan generation. This paper presents IRSS, an Incident Response Support System that correlates events in order to classify attacks, looks in a knowledge base for past attacks similar to the current one (according to given similarity metrics), and reuses the past responses (adapted to the current attack) in order to restore normal conditions and improve network security.
DOI: 10.1109/CTS.2006.55