International Journal of Network Management
A DSL for specifying autonomic security management strategies
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Using contextual security policies for threat response
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
| Hi-index | 0.01 |
Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient.We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements differenttypes of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure whena given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection, called DIAMS, that implements the response mechanisms presented in this paper.