
A Novel Security Architecture Based on Multi-level Rule Expression Language

Conference paper, Hybrid Intelligent Systems (HIS 2016)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 420)

Abstract

This paper introduces an attack detection and response system based on a multi-level rule expression language. It provides a framework to evaluate, identify, classify and defend against sophisticated attacks. The approach simplifies the expression of complex rules and the handling of alerts through a modular architecture, intuitive rules and a powerful expression language. The proposed system is flexible and takes several attack properties into account in order to simplify attack handling and aggregate defence mechanisms.
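The abstract describes rules expressed at more than one level, alerts classified by attack properties and defence mechanisms aggregated per attack, but the page does not show the language itself. The following Python engine is an added illustration with that shape, not the paper's language or code: level-1 rules are per-event predicates, level-2 rules are boolean expressions over counts of level-1 matches per source, each level-2 rule carries an attack category used for classification and a response, and the responses selected for a source are aggregated and deduplicated. The rule names, the expression grammar, the sample events and the response names are all assumptions made for this example.

```python
"""Illustrative multi-level rule engine (added example, not the paper's language).

Level 1: named predicates over a single event.
Level 2: boolean expressions over level-1 match counts per source, e.g.
         "sqli_probe >= 2 AND NOT admin_path"; each carries a category
         (attack property) and a response (defence mechanism).
Grammar and rule set are assumptions for this example only.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class Event:
    src: str     # client address
    path: str    # requested path plus query string
    status: int  # HTTP status returned


# Level-1 rules: hypothetical per-event predicates.
L1_RULES: Dict[str, Callable[[Event], bool]] = {
    "sqli_probe": lambda e: re.search(r"(?i)('|%27)(\s|%20|\+)*(or|union)\b", e.path) is not None,
    "path_traversal": lambda e: "../" in e.path or "%2e%2e" in e.path.lower(),
    "not_found": lambda e: e.status == 404,
    "admin_path": lambda e: e.path.startswith("/admin"),
}


@dataclass(frozen=True)
class L2Rule:
    name: str
    expr: str       # expression over level-1 rule names
    category: str   # attack property used to classify the alert
    response: str   # defence mechanism to trigger


TOKEN = re.compile(r"\s*(\(|\)|>=|>|\d+|[A-Za-z_][A-Za-z0-9_]*)")


def tokenize(expr: str) -> List[str]:
    expr, pos, out = expr.strip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad token at {expr[pos:]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out


class Parser:
    """Recursive-descent evaluator: OR < AND < NOT, parentheses, and
    'name [>= N | > N]' where a bare name means count >= 1."""

    def __init__(self, expr: str, counts: Dict[str, int]):
        self.toks, self.i, self.counts = tokenize(expr), 0, counts

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        t = self.peek()
        self.i += 1
        return t

    def parse_or(self) -> bool:
        v = self.parse_and()
        while self.peek() == "OR":
            self.take()
            r = self.parse_and()   # always parsed, so syntax errors surface
            v = v or r
        return v

    def parse_and(self) -> bool:
        v = self.parse_factor()
        while self.peek() == "AND":
            self.take()
            r = self.parse_factor()
            v = v and r
        return v

    def parse_factor(self) -> bool:
        t = self.take()
        if t == "NOT":
            return not self.parse_factor()
        if t == "(":
            v = self.parse_or()
            if self.take() != ")":
                raise ValueError("expected ')'")
            return v
        if t is None or t in ("AND", "OR", "NOT") or not re.fullmatch(r"[A-Za-z_]\w*", t):
            raise ValueError(f"unexpected token {t!r}")
        if t not in L1_RULES:   # reject typos instead of silently matching nothing
            raise ValueError(f"unknown level-1 rule {t!r}")
        n = self.counts.get(t, 0)
        if self.peek() in (">=", ">"):
            op, k = self.take(), int(self.take())
            return n >= k if op == ">=" else n > k
        return n >= 1


def evaluate(expr: str, counts: Dict[str, int]) -> bool:
    p = Parser(expr, counts)
    v = p.parse_or()
    if p.peek() is not None:
        raise ValueError(f"trailing token {p.peek()!r}")
    return v


def run(events: Iterable[Event], l2_rules: List[L2Rule]) -> Dict[str, dict]:
    """Return {src: {"alerts": [(rule, category)], "responses": [...]}} for
    every source that triggers at least one level-2 rule."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for e in events:
        for name, pred in L1_RULES.items():
            if pred(e):
                counts[e.src][name] += 1
    result = {}
    for src, c in counts.items():
        fired = [r for r in l2_rules if evaluate(r.expr, c)]
        if fired:
            result[src] = {
                "alerts": [(r.name, r.category) for r in fired],
                "responses": sorted({r.response for r in fired}),  # aggregated, deduplicated
            }
    return result


# Hypothetical level-2 rules and constructed sample events (not real traffic).
L2_RULES = [
    L2Rule("sqli_attack", "sqli_probe >= 2", "injection", "block_src"),
    L2Rule("recon_scan", "not_found >= 3 AND NOT sqli_probe", "reconnaissance", "rate_limit_src"),
    L2Rule("targeted_traversal", "path_traversal AND (admin_path OR not_found)", "path_traversal", "block_src"),
]
EVENTS = [
    Event("10.0.0.5", "/login?user=a'%20OR%201=1", 200),
    Event("10.0.0.5", "/search?q=x'%20UNION%20SELECT", 500),
    Event("10.0.0.5", "/admin/../../etc/passwd", 404),
    Event("10.0.0.9", "/a", 404),
    Event("10.0.0.9", "/b", 404),
    Event("10.0.0.9", "/c", 404),
    Event("10.0.0.7", "/index.html", 200),
]

if __name__ == "__main__":
    for src, info in run(EVENTS, L2_RULES).items():
        print(src, info)
```

Two level-2 rules fire for 10.0.0.5 but both map to the same defence, so the source gets a single `block_src` response; 10.0.0.9 is classified as reconnaissance only, and 10.0.0.7 produces no alert. Unknown rule names and malformed expressions raise at evaluation time rather than silently matching nothing, which is the check a practitioner would want before trusting a rule set.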



Author information

Correspondence to Samih Souissi or Layth Sliman.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Souissi, S., Sliman, L., Charroux, B. (2016). A Novel Security Architecture Based on Multi-level Rule Expression Language. In: Abraham, A., Han, S., Al-Sharhan, S., Liu, H. (eds) Hybrid Intelligent Systems. HIS 2016. Advances in Intelligent Systems and Computing, vol 420. Springer, Cham. https://doi.org/10.1007/978-3-319-27221-4_22


  • DOI: https://doi.org/10.1007/978-3-319-27221-4_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27220-7

  • Online ISBN: 978-3-319-27221-4

  • eBook Packages: Engineering (R0)
