Security Incident Response: Towards a Novel Decision-Making System
Authors: | Benoit Charroux, Ahmed Serhrouchni, Layth Sliman, Samih Souissi |
---|---|
Affiliations: | Télécom ParisTech, Département Informatique et Réseaux (INFRES), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris; EFREI Engineering College, Villejuif |
Language: | English |
Year of publication: | 2017 |
Subject: |
Cyber-attacks; Attack classification; Incident response; Enhanced alerts; Alert processing; Machine learning; Supervised learning; Decision making; Computer security; Process (engineering); Aggregate (data warehouse); Abstraction (linguistics); Order (exchange); Originality; [INFO] Computer Science [cs]; classification codes: 02 engineering and technology, 0211 other engineering and technologies, 021110 strategic, defence & security studies, 0210 nano-technology, 021001 nanoscience & nanotechnology; computer.software_genre; media_common.quotation_subject |
Source: | Intelligent Systems Design and Applications (ISDA), pp. 667-676, 2017. Advances in Intelligent Systems and Computing. ISBN 978-3-319-53480-0 / 978-3-319-53479-4. DOI ⟨10.1007/978-3-319-53480-0_66⟩ |
Abstract: | International audience; Cyber-attacks have become more complex and unpredictable. Because of their devastating impact, choosing the appropriate response has become a priority for corporations. This paper introduces an incident response system based on a supervised machine learning model. It offers a framework to process alerts and enrich them in order to classify and defend against sophisticated attacks. Our method helps security analysts handle alerts and apply the most appropriate response mechanisms, thanks to a high level of abstraction in the attack description and to the supervised learning model. The proposed system is flexible and takes several attack properties into account in order to simplify attack handling and aggregate defense mechanisms. The originality of our work is the ability of this system to provide a response to an attack that the system faces for the first time. |
Database: | OpenAIRE |
External link: |