Expression and deployment of reaction policiesReport as inadecuate

Expression and deployment of reaction policies - Download this document for free, or read online. Document in PDF available to download.

1 LUSSI - Département Logique des Usages, Sciences sociales et Sciences de l-Information 2 Lab-STICC - Laboratoire des sciences et techniques de l-information, de la communication et de la connaissance UMR 3192 3 Bell Labs Alcatel Lucent

Abstract : Current prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed reaction workflow links the lowest level of the information system corresponding to intrusion detection mechanisms, including misuse and anomaly techniques, and access control techniques with the higher level of the security policy. This reaction workflow evaluates the intrusion alerts at three different levels, it then reacts against threats with appropriate counter measures in each level accordingly.

Keywords : Reaction policies Security policy Prevention techniques Intrusion detection Information system infrastructure Access control techniques

Author: Frédéric Cuppens - Nora Cuppens-Boulahia - Wael Kanoun - Yacine Bouzida - Aurélien Croissant -



Related documents