Skip to main content

2016 | OriginalPaper | Buchkapitel

Context Aware Intrusion Response Based on Argumentation Logic

verfasst von : Tarek Bouyahia, Fabien Autrel, Nora Cuppens-Boulahia, Frédéric Cuppens

Erschienen in: Risks and Security of Internet and Systems

Verlag: Springer International Publishing

Aktivieren Sie unsere intelligente Suche um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Automatic response in an intrusion detection process is a difficult problem. Indeed activating an inappropriate countermeasure for a given attack can have deleterious effects on the system which must be protected. In some cases the countermeasure can be more harmful than the attack it is targeted against. Moreover, given an attack against a specific system, the best countermeasure to apply depends on the context in which the system is operating. For example in the case of an automotive system, the fact that the vehicle is operating downtown or on a freeway changes the impact an attack may have on the system. This paper introduces a novel approach which uses an argumentative logic framework to reason and select the most appropriate countermeasure given an attack and its context.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
1.
Zurück zum Zitat Dung, P.M.: On the acceptability of arguments and its fundamental role in nonmonotonic reasoning, logic programming and n-person games. Artif. Intell. 77(2), 321–357 (1995)MathSciNetCrossRefMATH Dung, P.M.: On the acceptability of arguments and its fundamental role in nonmonotonic reasoning, logic programming and n-person games. Artif. Intell. 77(2), 321–357 (1995)MathSciNetCrossRefMATH
2.
Zurück zum Zitat Cuppens, F., Ortalo, R.: LAMBDA: a language to model a database for detection of attacks. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 197–216. Springer, Heidelberg (2000)CrossRef Cuppens, F., Ortalo, R.: LAMBDA: a language to model a database for detection of attacks. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 197–216. Springer, Heidelberg (2000)CrossRef
3.
Zurück zum Zitat Cuppens, F., Autrel, F., Bouzida, Y., García, J., Gombault, S., Sans, T.: Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework. Annales des Télécommunications 61(1–2), 197–217 (2006)CrossRef Cuppens, F., Autrel, F., Bouzida, Y., García, J., Gombault, S., Sans, T.: Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework. Annales des Télécommunications 61(1–2), 197–217 (2006)CrossRef
4.
Zurück zum Zitat Axelsson, S.: Intrusion detection systems: a survey and taxonomy. Technical report (2000) Axelsson, S.: Intrusion detection systems: a survey and taxonomy. Technical report (2000)
5.
Zurück zum Zitat Benferhat, S., Autrel, F., Cuppens, F.: Enhanced correlation in an intrusion detection process. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 157–170. Springer, Heidelberg (2003)CrossRef Benferhat, S., Autrel, F., Cuppens, F.: Enhanced correlation in an intrusion detection process. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 157–170. Springer, Heidelberg (2003)CrossRef
6.
Zurück zum Zitat Dimopoulos, Y., Kakas, A.C.: Logic programming without negation as failure. In: Lloyd, J.W. (ed.) ILPS, pp. 369–383. MIT Press (1995) Dimopoulos, Y., Kakas, A.C.: Logic programming without negation as failure. In: Lloyd, J.W. (ed.) ILPS, pp. 369–383. MIT Press (1995)
7.
Zurück zum Zitat Samarji, L., Cuppens, F., Cuppens-Boulahia, N., Kanoun, W., Dubus, S.: Situation calculus and graph based defensive modeling of simultaneous attacks. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds.) CSS 2013. LNCS, vol. 8300, pp. 132–150. Springer, Heidelberg (2013)CrossRef Samarji, L., Cuppens, F., Cuppens-Boulahia, N., Kanoun, W., Dubus, S.: Situation calculus and graph based defensive modeling of simultaneous attacks. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds.) CSS 2013. LNCS, vol. 8300, pp. 132–150. Springer, Heidelberg (2013)CrossRef
8.
Zurück zum Zitat Bench-Capon, T.J.M.: Value-based argumentation frameworks. In: 9th International Workshop on Non-monotonic Reasoning (NMR 2002), Proceedings, Toulouse, France, 19–21 April 2002, pp. 443–454 (2002) Bench-Capon, T.J.M.: Value-based argumentation frameworks. In: 9th International Workshop on Non-monotonic Reasoning (NMR 2002), Proceedings, Toulouse, France, 19–21 April 2002, pp. 443–454 (2002)
9.
Zurück zum Zitat Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. Int. J. Inf. Sec. 7(4), 285–305 (2008)CrossRefMATH Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. Int. J. Inf. Sec. 7(4), 285–305 (2008)CrossRefMATH
11.
Zurück zum Zitat Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462, May 2010 Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462, May 2010
12.
Zurück zum Zitat Bandara, A.K., Kakas, A.C., Lupu, E.C., Russo, A.: Using argumentation logic for firewall configuration management. In: Integrated Network Management, pp. 180–187. IEEE (2009) Bandara, A.K., Kakas, A.C., Lupu, E.C., Russo, A.: Using argumentation logic for firewall configuration management. In: Integrated Network Management, pp. 180–187. IEEE (2009)
13.
Zurück zum Zitat Bandara, A.K., Kakas, A.C., Lupu, E.C., Russo, A.: Using argumentation logic for firewall policy specification and analysis. In: State, R., van der Meer, S., O’Sullivan, D., Pfeifer, T. (eds.) DSOM 2006. LNCS, vol. 4269, pp. 185–196. Springer, Heidelberg (2006)CrossRef Bandara, A.K., Kakas, A.C., Lupu, E.C., Russo, A.: Using argumentation logic for firewall policy specification and analysis. In: State, R., van der Meer, S., O’Sullivan, D., Pfeifer, T. (eds.) DSOM 2006. LNCS, vol. 4269, pp. 185–196. Springer, Heidelberg (2006)CrossRef
14.
Zurück zum Zitat Applebaum, A., Levitt, K.N., Rowe, J., Parsons, S.: Arguing about firewall policy. In: Verheij, B., Szeider, S., Woltran, S. (eds.) COMMA. Frontiers in Artificial Intelligence and Applications, vol. 245, pp. 91–102. IOS Press (2012) Applebaum, A., Levitt, K.N., Rowe, J., Parsons, S.: Arguing about firewall policy. In: Verheij, B., Szeider, S., Woltran, S. (eds.) COMMA. Frontiers in Artificial Intelligence and Applications, vol. 245, pp. 91–102. IOS Press (2012)
15.
Zurück zum Zitat Bouyahia, T., Idrees, M.S., Cuppens-Boulahia, N., Cuppens, F., Autrel, F.: Metric for security activities assisted by argumentative logic. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/SETOP/QASA 2014. LNCS, vol. 8872, pp. 183–197. Springer, Heidelberg (2015) Bouyahia, T., Idrees, M.S., Cuppens-Boulahia, N., Cuppens, F., Autrel, F.: Metric for security activities assisted by argumentative logic. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/SETOP/QASA 2014. LNCS, vol. 8872, pp. 183–197. Springer, Heidelberg (2015)
16.
Zurück zum Zitat Bench-Capon, T.J.M.: Persuasion in practical argument using value-based argumentation frameworks. J. Log. Comput. 13(3), 429–448 (2003)MathSciNetCrossRefMATH Bench-Capon, T.J.M.: Persuasion in practical argument using value-based argumentation frameworks. J. Log. Comput. 13(3), 429–448 (2003)MathSciNetCrossRefMATH
17.
Zurück zum Zitat Martinelli, F., Santini, F.: Debating cybersecurity or securing a debate? In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 239–246. Springer, Heidelberg (2015) Martinelli, F., Santini, F.: Debating cybersecurity or securing a debate? In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 239–246. Springer, Heidelberg (2015)
18.
Zurück zum Zitat Rowe, J., Levitt, K., Parsons, S., Sklar, E., Applebaum, A., Jalal, S.: Argumentation logic to assist in security administration. In: Proceedings of the 2012 Workshop on New Security Paradigms, NSPW 2012, pp. 43–52. ACM, New York (2012) Rowe, J., Levitt, K., Parsons, S., Sklar, E., Applebaum, A., Jalal, S.: Argumentation logic to assist in security administration. In: Proceedings of the 2012 Workshop on New Security Paradigms, NSPW 2012, pp. 43–52. ACM, New York (2012)
Metadaten
Titel
Context Aware Intrusion Response Based on Argumentation Logic
verfasst von
Tarek Bouyahia
Fabien Autrel
Nora Cuppens-Boulahia
Frédéric Cuppens
Copyright-Jahr
2016
DOI
https://doi.org/10.1007/978-3-319-31811-0_6