Functional requirements of situational awareness incomputer network security
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
| Hi-index | 0.00 |
Computer network security is concerned with safeguards, responses and controls to prevent, react and respond to attacks perceived on valued information assets. Unfortunately, current technical controls use by enterprises to protect their IT investments are often stand-alone systems whose independent protection are either isolated or localised, and insufficient in adequately protecting these assets. This book discusses an approach to security defence that combines and integrates the defences offered by stand-alone countermeasure systems to adequately detect widespread attacks. An integrated security framework is investigated that is underpinned by sensor, analysis and response defence paradigm. In the framework, sensors gather pieces of attack evidence perceived on the entire network and communicate their beliefs to the analysis component. At the analysis component, beliefs from sensors are correlated and combined to detect and identify perceived attacks; while responses are executed to mitigate the perceived attacks. This book is intended for students, researchers, security consultants, engineers, administrators and analysts.