From Topological Vulnerability Analysis to Intrusion Management Systems
Abstract
Intrusion Detection has been a body of research and development focusing on the development of techniques and products to block malicious activity. In parallel, automated vulnerability assessment tools have been proposed to provide a base ground for estimating the security level of a given infrastructure at a certain period of time. This paper explores the basic limitations of these two fundamental security techniques and proposes a complete framework for the development of Intrusion Management Systems (IMS) that exchange and correlate valuable information that complements and, in turn, leverages the effectiveness of both techniques. We also propose a revolutionary configuration approach that could assist in reducing Intrusion Detection false positives and Vulnerability Assessment false negatives and we finally describe the benefits that Intrusion Management Systems (IMS) could offer to post-security incident procedures, like Incident Response and Digital Forensics.
Similar resources
Saltwater intrusion vulnerability assessment using AHP-GALDIT model in Kashan plain aquifer as critical aquifer in a semi-arid region
Owing to population growth and water demand, coastal aquifers all over the world are over–pumped, resulting in serious problems such as saltwater intrusion. So, in these conditions, assessing the groundwater system’s vulnerability and finding areas with saltwater intrusion potential are vital for the better management of aquifers. In this study, AHP-GALDIT was applied to saltwater intrusion vul...
Topological Vulnerability Analysis: A Powerful New Approach For Network Attack Prevention, Detection, and Response
This chapter examines issues and methods for survivability of systems under malicious penetrating attacks. To protect from such attacks, it is necessary to take steps to prevent them from succeeding. At the same time, it is important to recognize that not all attacks can be averted at the outset; those that are partially successful may be unavoidable, and comprehensive support is required for i...
Topological Vulnerability Analysis
Traditionally, network administrators rely on labor-intensive processes for tracking network configurations and vulnerabilities. This requires a great deal of expertise, and is error prone because of the complexity of networks and associated security data. The interdependencies of network vulnerabilities make traditional point-wise vulnerability analysis inadequate. We describe a Topological Vu...
Design and Implementation of Risk Analysis system for ISP Network
The need for more effective ways to analyze network risks in real time has been recognized by security planners. However, most existing risk analysis tools provide only methodological analysis procedures, and cannot reflect continually changing vulnerability and threat information concerning individual network systems in real time. For this reason, this study suggests a new system design method...
VMSoar: a cognitive agent for network security
VMSoar is a cognitive network security agent designed for both network configuration and long-term security management. It performs automatic vulnerability assessments by exploring a configuration’s weaknesses and also performs network intrusion detection. VMSoar is built on the Soar cognitive architecture, and benefits from the general cognitive abilities of Soar, including learning from exper...
Publication date: 2007