Definition of response metrics for an ontology-based Automated Intrusion Response Systems

Authors:
VeróNica Mateos;VíCtor A. Villagrá;Francisco Romero;Julio Berrocal
Affiliations:
Dpto. de Ingeniería de Sistemas Telemáticos, Universidad Politécnica de Madrid, E.T.S.I. de Telecomunicación, Madrid 28040, Spain;Dpto. de Ingeniería de Sistemas Telemáticos, Universidad Politécnica de Madrid, E.T.S.I. de Telecomunicación, Madrid 28040, Spain;Telefónica Research and Development (TID), Madrid, Spain;Dpto. de Ingeniería de Sistemas Telemáticos, Universidad Politécnica de Madrid, E.T.S.I. de Telecomunicación, Madrid 28040, Spain
Venue:
Computers and Electrical Engineering
Year:
2012

Citing 13
Cited 0

Evaluating the Impact of Automated Intrusion Response Mechanisms

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Adaptive agent-based intrusion response

Adaptive agent-based intrusion response
ADEPTS: Adaptive Intrusion Response Using Attack Graphs in an E-Commerce Environment

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Automated adaptive intrusion containment in systems of interacting services

Computer Networks: The International Journal of Computer and Telecommunications Networking
A Cost-Sensitive Model for Preemptive Intrusion Response Systems

AINA '07 Proceedings of the 21st International Conference on Advanced Networking and Applications
A taxonomy of intrusion response systems

International Journal of Information and Computer Security
A hybrid intrusion detection system design for computer network security

Computers and Electrical Engineering
Ontology-Based Network Management: Study Cases and Lessons Learned

Journal of Network and Systems Management
A Framework for Cost Sensitive Assessment of Intrusion Response Selection

COMPSAC '09 Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 01
Handbook on Ontologies

Handbook on Ontologies
An intrusion response decision-making model based on hierarchical task network planning

Expert Systems with Applications: An International Journal
Using a model-driven architecture for technology-independent scenario configuration in networking testbeds

IEEE Communications Magazine
Cooperating security managers: a peer-based intrusion detection system

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

The main purpose of an AIRS (Automated Intrusion Response System) is to choose and execute the optimum response when the different security-event network detection sources detect security intrusions. The inference of the most suitable response should be made according to a set of response metrics that specify different rules for selecting a specific response according to some context and input parameters and the weight associated with each of them. Furthermore, the Semantic Web Rule Language (SWRL) can be used to specify these response metrics, providing an open and extensible framework for the behavior description of an AIRS, able to be integrated with the increasing number of Semantic Web tools. The aim of this paper is to study and characterize these metrics, as well as defining a set of response metrics for an AIRS, specifying these metrics with SWRL rules and testing their execution with Semantic Web current technologies. Finally, some results are shown concerning the inferred responses and performance of this SWRL-based reasoning.