Building intrusion path graphs for security incident handling procedures

Bibliographic details
Main authors: Guo-Tan Liao, Li-Ru Chen, Bo-Chao Cheng, Huan Chen, Ping-Hai Hsu
Format: Conference proceedings
Language: eng
Description
Summary: Hardening network services and network architecture is the best defense and the easiest way to reduce security risks. However, there is no effective solution to correlate all weaknesses, network topology with connectivity, and intrusion alerts. As a result, it can be difficult for network administrators to determine the root cause of a security incident. In this paper, we propose "GReat Evil ENcroachments Eradicator (GREENER)", which can analyze the above network information in-depth and establish an intrusion path graph to display comprehensive information of security breaches. With the help of GREENER, system administrators can discover detailed information about an incident and rapidly remove network intrusion issues associated with the hardening process to prevent the same type of intrusion from happening again. This study has demonstrated that GREENER meets the requirements for mitigating security threats and provides a practical security incident response solution.
DOI: 10.1109/ISCIT.2010.5664848