Context Aware Intrusion Response Based on Argumentation Logic

  • Conference paper
Risks and Security of Internet and Systems (CRiSIS 2015)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9572)

Abstract

Automatic response in an intrusion detection process is a difficult problem. Indeed, activating an inappropriate countermeasure for a given attack can have deleterious effects on the system which must be protected. In some cases, the countermeasure can be more harmful than the attack it is targeted against. Moreover, given an attack against a specific system, the best countermeasure to apply depends on the context in which the system is operating. For example, in the case of an automotive system, whether the vehicle is operating downtown or on a freeway changes the impact an attack may have on the system. This paper introduces a novel approach which uses an argumentative logic framework to reason about and select the most appropriate countermeasure given an attack and its context.

Corresponding author

Correspondence to Tarek Bouyahia.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Bouyahia, T., Autrel, F., Cuppens-Boulahia, N., Cuppens, F. (2016). Context Aware Intrusion Response Based on Argumentation Logic. In: Lambrinoudakis, C., Gabillon, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2015. Lecture Notes in Computer Science, vol 9572. Springer, Cham. https://doi.org/10.1007/978-3-319-31811-0_6

  • DOI: https://doi.org/10.1007/978-3-319-31811-0_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31810-3

  • Online ISBN: 978-3-319-31811-0

  • eBook Packages: Computer Science (R0)
