Multi-agents system service based platform in telecommunication security incident reaction

Authors:
Benjamin Gâteau;Djamel Khadraoui;Christophe Feltus
Affiliations:
Centre for IT Innovation, Public Research Centre Henri Tudor, Luxemburg;Centre for IT Innovation, Public Research Centre Henri Tudor, Luxemburg;Centre for IT Innovation, Public Research Centre Henri Tudor, Luxemburg
Venue:
GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
Year:
2009

Citing 6
Cited 1

Security agility in response to intrusion detection

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Modelling Contexts in the Or-BAC Model

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
PDL with Preferences

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
POSITIF: A Policy-Based Security Management System

POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Multi-agent based security assurance monitoring system for telecommunication infrastructures

CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Using contextual security policies for threat response

DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment

Conviction model for incident reaction architecture monitoring based on automatic sensors alert detection

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

The main focus of this paper is to provide a global architectural solution built on the requirements for a reaction after alert detection mechanisms in the frame of Information Systems Security and more particularly applied to telecom infrastructures security. These infrastructures are distributed in nature, therefore the targeted architecture is developed in a distributed perspective and is composed of three basic layers: low level, intermediate level and high level. The low level is dedicated to be the interface between the main architecture and the targeted infrastructure. The intermediate level is responsible of correlating the alerts coming from different domains of the infrastructure and to deploy smartly the reaction actions. This intermediate level is elaborated using multi-agents system that provide the advantages of autonomous and interaction facilities. The high level permits to have a supervision view of the whole infrastructure, and to manage business policy definition. The proposed approach has been successfully experimented for data access control mechanism.