Policy-based security configuration management application to intrusion detection and prevention

Authors:
Khalid Alsubhi;Issam Aib;Jérôme François;Raouf Boutaba
Affiliations:
David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada;David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada;MADYNES - INRIA Lorraine, CNRS, Nancy, France;David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada
Venue:
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Year:
2009

Citing 10
Cited 1

Towards a taxonomy of intrusion-detection systems

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Techniques and tools for analyzing intrusion alerts

ACM Transactions on Information and System Security (TISSEC)
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Managing heterogeneous network environments using an extensible policy framework

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A virtual honeypot framework

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
POSITIF: A Policy-Based Security Management System

POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Policy-based Management: A Historical Perspective

Journal of Network and Systems Management
SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)

SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)

A Formal Methodology for Detecting Managerial Vulnerabilities and Threats in an Enterprise Information System

Journal of Network and Systems Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against the variety of attacks that can compromise the security and well functioning of an enterprise information system. IDPSes can be network or host-based and can collaborate in order to provide better detections of malicious traffic. Although several IDPS systems have been proposed, their appropriate configuration and control for effective detection and prevention of attacks has always been far from trivial. Another concern is related to the slowing down of system performance when maximum security is applied, hence the need to trade off between security enforcement levels and the performance and usability of an enterprise information system. In this paper we motivate the need for and present a policy-based framework for the configuration and control of the security enforcement mechanisms of an enterprise information system. The approach is based on dynamic adaptation of security measures based on the assessment of system vulnerability and threat prediction and provides several levels of attack containment. As an application, we have implemented a dynamic policy-based adaptation mechanism between the Snort signature-based IDPS and the light weight anomaly-based FireCollaborator IDS. Experiments conducted over the DARPA 2000 and 1999 intrusion detection evaluation datasets show the viability of our framework.