文章基本信息

标题：An Incident Response Support System
本地全文：下载
作者：Gianluca Capuzzi ; Egidio Cardinale ; Ivan Di,Pietro 等
期刊名称：International Journal of Computer Science and Network Security
印刷版ISSN：1738-7906
出版年度：2006
卷号：6
期号：10
页码：72-78
出版社：International Journal of Computer Science and Network Security
摘要：Computer and network security can be improved by three kinds of tools: tools for intrusion prevention, tools for intrusion detection, and tools for incident response. Many systems have been proposed and developed for the first two kinds of tools. Concerning the third, as far as we know, the response plan is still left to the security manager: no automatic tools have been developed. Indeed, even if there exist forensic analysis, data recovery, and system upgrading tools, we do not yet have a comprehensive tool which includes log correlation, attack classification, and response plan generation. Our work deals with a Case-Based Reasoning system (called IRSS) that classifies attacks, looks in a case base for past attacks similar to the current one (according to given similarity metrics), and reuses the past response plans (adapted to the current attack) in order to restore normal conditions and improve network security. This paper provides an overview of the system and primarly focuses on the incident retrieval (attack classification) phase
关键词：IDS, Network Security, Attack Recognition