Journal of Computer Networks and Communications
Volume 2013, Article ID 134760, 8 pages
http://dx.doi.org/10.1155/2013/134760
Research Article

A Retroactive-Burst Framework for Automated Intrusion Response System

Département de Génie Informatique et Génie Logiciel, École Polytechnique de Montréal, P.O. Box 6079, Succ. Downtown, Montreal, QC, Canada H3C 3A7

Received 14 December 2012; Accepted 20 February 2013

Academic Editor: Rui Zhang

Copyright © 2013 Alireza Shameli-Sendi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. F. Xiao, S. Jin, and X. Li, “A novel data mining-based method for alert reduction and analysis,” Journal of Networks, vol. 5, no. 1, pp. 88–97, 2010.
  2. M. Desnoyers and M. Dagenais, “LTTng: tracing across execution layers, from the hypervisor to user-space,” in Proceedings of the Linux Symposium, Ottawa, Canada, 2008.
  3. J. Blunck, M. Desnoyers, and P. M. Fournier, “Userspace application tracing with markers and tracepoints,” in Proceedings of the Linux Kongress, October 2009.
  4. N. B. Anuar, H. Sallehudin, A. Gani, and O. Zakari, “Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree,” Malaysian Journal of Computer Science, vol. 21, no. 2, pp. 101–115, 2008.
  5. A. Lazarevic, L. Ertz, V. Kumar, A. Ozgur, and J. Srivastava, “A comparative study of anomaly detection schemes in network intrusion detection,” in Proceedings of the 3rd SIAM International Conference on Data Mining, 2003.
  6. Yusof, Automated Signature Generation of Network Attacks [B.S. thesis], University Teknologi Malaysia, 2009.
  7. “Difference between signature based and anomaly based detection in IDS,” http://www.secguru.com/forum/difference.
  8. C. P. Mu and Y. Li, “An intrusion response decision-making model based on hierarchical task network planning,” Expert Systems with Applications, vol. 37, no. 3, pp. 2465–2472, 2010.
  9. Y. M. Chen and Y. Yang, “Policy management for network-based intrusion detection and prevention,” in Proceedings of the IEEE/IFIP Network Operations and Management Symposium, Application Sessions (NOMS '04), pp. 219–232, Seoul, South Korea, April 2004.
  10. G. B. White, E. A. Fisch, and U. W. Pooch, “Cooperating security managers: a peer-based intrusion detection system,” IEEE Network, vol. 10, no. 1, pp. 20–23, 1996.
  11. P. Porras and P. Neumann, “EMERALD: event monitoring enabling responses to anomalous live disturbances,” in Proceedings of the National Information Systems Security Conference, 1997.
  12. B. Foo, Y. S. Wu, Y. C. Mao, S. Bagchi, and E. Spafford, “ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment,” in Proceedings of the International Conference on Dependable Systems and Networks, pp. 508–517, July 2005.
  13. A. Shameli-Sendi, N. Ezzati-Jivan, M. Jabbarifar, and M. Dagenais, “Intrusion response systems: survey and taxonomy,” International Journal of Computer Science and Network Security, vol. 12, no. 1, pp. 1–14, 2012.
  14. N. Stakhanova, S. Basu, and J. Wong, “A cost-sensitive model for preemptive intrusion response systems,” in Proceedings of the 21st International Conference on Advanced Information Networking and Applications (AINA '07), pp. 428–435, Washington, DC, USA, May 2007.
  15. W. Lee, W. Fan, M. Miller, S. J. Stolfo, and E. Zadok, “Toward cost-sensitive modeling for intrusion detection and response,” Journal of Computer Security, vol. 10, no. 1-2, pp. 5–22, 2002.
  16. http://wiki.eclipse.org/DSDP/TCF.
  17. https://help.ubuntu.com/community/AppArmor/.
  18. http://www.nsa.gov/research/selinux/.
  19. N. Ezzati-Jivan and M. Dagenais, “A stateful approach to generate synthetic events from kernel traces,” Advances in Software Engineering, vol. 2012, Article ID 140368, 12 pages, 2012.
  20. H. Waly and B. Ktari, “A complete framework for kernel trace analysis,” in Proceedings of the 24th Canadian Conference on Electrical and Computer Engineering (CCECE '11), pp. 1426–1430, Niagara Falls, ON, Canada, May 2011.
  21. N. Ezzati-Jivan and M. Dagenais, “A framework to compute statistics of system parameters from very large trace files,” ACM SIGOPS Operating Systems Review, vol. 47, no. 1, pp. 43–54, 2013.
  22. H. Debar, D. Curry, and B. Feinstein, “The intrusion detection message exchange format,” http://www.ietf.org/rfc/rfc4765.txt.