Security Incident Response: Towards a Novel Decision-Making System

Conference paper, published in: Intelligent Systems Design and Applications (ISDA 2016)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 557)

Abstract

Cyber-attacks have become more complex and unpredictable. Because of their devastating impact, choosing the appropriate response has become a priority for corporations. This paper introduces an incident response system based on a supervised machine learning model. It offers a framework that processes alerts and enriches them in order to classify and defend against sophisticated attacks. Our method helps security analysts handle alerts and apply the most appropriate response mechanisms, thanks to a high-level abstraction of the attack description combined with a supervised learning model. The proposed system is flexible and takes several attack properties into account in order to simplify attack handling and aggregate defense mechanisms. The originality of our work is the ability of this system to provide a response to an attack that the system faces for the first time.

Author information

Corresponding author: Samih Souissi.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Souissi, S., Serhrouchni, A., Sliman, L., Charroux, B. (2017). Security Incident Response: Towards a Novel Decision-Making System. In: Madureira, A., Abraham, A., Gamboa, D., Novais, P. (eds) Intelligent Systems Design and Applications. ISDA 2016. Advances in Intelligent Systems and Computing, vol 557. Springer, Cham. https://doi.org/10.1007/978-3-319-53480-0_66

  • DOI: https://doi.org/10.1007/978-3-319-53480-0_66
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-53479-4
  • Online ISBN: 978-3-319-53480-0