Abstract
This paper introduces an attack detection and response system based on a multi-level rule expression language. It provides a framework to evaluate, identify, classify and defend against sophisticated attacks. Thanks to a modular architecture, intuitive rules and a powerful expression language, our approach simplifies both the expression of complex rules and the handling of the resulting alerts. The proposed system is flexible and takes several attack properties into account in order to simplify attack handling and to aggregate defense mechanisms.
Copyright information
© 2016 Springer International Publishing Switzerland
Cite this paper
Souissi, S., Sliman, L., Charroux, B. (2016). A Novel Security Architecture Based on Multi-level Rule Expression Language. In: Abraham, A., Han, S., Al-Sharhan, S., Liu, H. (eds) Hybrid Intelligent Systems. HIS 2016. Advances in Intelligent Systems and Computing, vol 420. Springer, Cham. https://doi.org/10.1007/978-3-319-27221-4_22
DOI: https://doi.org/10.1007/978-3-319-27221-4_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27220-7
Online ISBN: 978-3-319-27221-4