AIDD: A novel generic attack modeling approach

Hybrid Intelligent Systems

Sliman

Charroux

2015

Self Cite

International audienceThis paper introduces an attack detection and response system based on multi-level rule expression language. It provides a framework to evaluate, identify, classify and defend against sophisticated attacks. Our approach helps simplifying complex rules' expression and alert handling, thanks to a modular architecture and an intuitive rules along with a powerful expression language. The proposed system is flexible and takes into account several attack properties in order to simplify attack handling and aggregate defense mechanisms. 1 Introduction Security aims at protecting firm resources from undesired access by users and applications. Improving security in enterprise information system relies on analyzing threats, risks and vulnerabilities to specify appropriate countermeasures. This imposes several challenges to tackle with security issues. One of these challenges is detection and mitigation of attacks. To deal with the growing complexity of new attacks, several solutions such as intrusion detection and prevention systems (IDS/IPS) and web application firewalls (WAF) have been proposed. These solutions can be based either on signature or on behavior detection. They play an important role in countering security threats. Signature based system tend to use static rules and to detect only specific attacks or anomalous behaviors that are already known. In anomaly-based case, they need learning process and detection is more complex. In addition, attack detection techniques are far from being satisfactory [1]. In fact, solutions like IDSs provide unmanageable amount of " false positives " alarms which are hard to inspect. Furthermore, many detection systems do not offer an appropriate compromise between acceptable performance and detection language simplicity

“…In fact, we propose a generic approach to define Attack categories based on our attack classification [2]. These categories will be the base of our detection process.…”

Section: Aidd Architecturementioning

confidence: 99%

Section: Introductionmentioning

confidence: 98%

A Novel Security Architecture Based on Multi-level Rule Expression Language

Hybrid Intelligent Systems

Sliman

Charroux

2015

Self Cite

“…Finally, we define a Detection Database that contains all the information needed: attack classification scheme, detection rules, Attack scenarios and queries. In fact, we propose a generic approach to define Attack categories based on our attack classification [2]. These categories will be the base of our detection process.…”

Section: B Aidd Architecturementioning

confidence: 99%

“…In our context, attack modeling is crucial to the detection process, as it is closely related to the choice of implemented rules and attack detection parameters. This was the topic of our previous work [2]. The current paper focuses only on the architectural aspects showing how to bring a level of abstraction to make the detection of complex attacks more feasible and the detection rules and security policy defining process simpler.…”

Section: Introductionmentioning

confidence: 99%

Toward a novel classification-based attack detection and response architecture

2015 6th International Conference on the Network of the Future (NOF)

2015

Self Cite

International audienceAttacks on information systems have increased tremendously and have become more diverse and complex. Evolving in an unpredictable manner and having devastating outcomes, the detection and the selection of appropriate countermeasures has become a priority for security analysts. This paper introduces a classification-based Attack Detection system which provides a framework to evaluate, identify, classify and defend against sophisticated attacks. Our approach helps simplify complex rules' expression and alert handling, thanks to a modular architecture and an intuitive rules defining with a high power of expression language. The proposed system is flexible and takes into account several attack properties in order to simplify attack handling and aggregate defense mechanisms

“…In our context, our proposal is based on an attack classification from the defender point of view [2] that helps describe the manifestation of the attack in a high level manner. Our proposed language describes an attack and associates the appropriate response according to the context and the defined security policy.…”

Section: Introductionmentioning

confidence: 99%

Toward a novel rule-based attack description and response language

2015 11th International Conference on Information Assurance and Security (IAS)

2015

Self Cite

In recent years, attacks have become more diverse and complex, their detection has emerged as a major issue and a primary security challenge. There is a need to represent and share information about these attacks. This paper presents a new language for attack detection and response. The objective is to simplify complex rules' expression, thanks to a modular and intuitive syntax that gives a high power of expression. The originality of our approach is that rules' syntax can be deduced from a certain behavior or automatically generated from a valid behavioral scenario. The paper presents the main concepts behind the proposed approach that deals with the growing complexity of information systems, applications and attacks.