N. Cuppens-Boulahia, F. Cuppens, J. D. Vergara, Enrique Vázquez, Javier Guerra, Hervé Debar
{"title":"An ontology-based approach to react to network attacks","authors":"N. Cuppens-Boulahia, F. Cuppens, J. D. Vergara, Enrique Vázquez, Javier Guerra, Hervé Debar","doi":"10.1504/IJICS.2009.031041","DOIUrl":null,"url":null,"abstract":"To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"103 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"39","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Conference on Risks and Security of Internet and Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJICS.2009.031041","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 39
Abstract
To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
