Skip to main content
SpringerLink
Log in

Towards a Global Security Architecture for Intrusion Detection and Reaction Management

  • Conference paper
Information Security Applications (WISA 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2908))

Included in the following conference series:

Abstract

Detecting efficiently intrusions requires a global view of the monitored network. This can only be achieved with an architecture which is able to gather data from all sources. A Security Operation Center (SOC) is precisely dedicated to this task. In this article, we propose our implementation of the SOC concept that we call SOCBox.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Anderson, J.P.: Computer security threat monitoring and surveillance. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania (April 1980)

    Google Scholar 

  2. Cuppens, F.: Managing alerts in a multi-intrusion detection environment. In: 17th Annual Computer Security Applications Conference, New-Orleans (December 2001)

    Google Scholar 

  3. Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: IEEE Symposium on Research in Security and Privacy (Mai 002)

    Google Scholar 

  4. Curry, D., Debar, H.: Intrusion detection message exchange format data model and extensible markup language (xml) document type definition. Technical report, IETF Intrusion Detection Working Group (January 2003)

    Google Scholar 

  5. Neumann, P.G., Porras, P.A.: Experience with EMERALD to date. In: First USENIX Workshop on Intrusion Detection and Network Monitoring, pp. 73–80, Santa Clara, California (April 1999)

    Google Scholar 

  6. Ning, P., Jajodia, S., Wang, X.S.: Design and implementation of a decentralized prototype system for detecting distributed attacks. Computer Communications 25, 1374 (1970)

    Article  Google Scholar 

  7. Northcutt, S., Novak, J.: Network Intrusion Detection, 3rd edn., New Riders (September 2002) ISBN: 0-73571-265-4

    Google Scholar 

  8. Schneier, B.: Attack trees. Dr. Dobb’s Journal (December 1999)

    Google Scholar 

  9. Staniford-Chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Wee, C., Yip, R., Zerkle, D.: Grids - a graph based intrusion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference, vol. 1, pp. 361–370 (October 1996)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Iv2 Technologies, 20, rue du Colombier, 94360, Bry sur Marne, France

    Renaud Bidou

  2. LIFC, Universite de Franche-Comte, 4, place Tharradin, 25211, Montbeliard, France

    Julien Bourgeois & Francois Spies

Authors
  1. Renaud Bidou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Julien Bourgeois
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Francois Spies
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Science and Engineering, Ewha Womans University, Korea

    Ki-Joon Chae

  2. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, NY 10027, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bidou, R., Bourgeois, J., Spies, F. (2004). Towards a Global Security Architecture for Intrusion Detection and Reaction Management. In: Chae, KJ., Yung, M. (eds) Information Security Applications. WISA 2003. Lecture Notes in Computer Science, vol 2908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24591-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-24591-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20827-3

  • Online ISBN: 978-3-540-24591-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation