Expanding topological vulnerability analysis to intrusion detection through the incident response intelligence system

Dimitrios Patsos (Department of Informatics, University of Piraeus, Piraeus, Greece)
Sarandis Mitropoulos (Department of Informatics, University of Piraeus, Piraeus, Greece)
Christos Douligeris (Department of Informatics, University of Piraeus, Piraeus, Greece)

Information Management & Computer Security

ISSN: 0968-5227

Publication date: 12 October 2010

Abstract

Purpose

The paper proposes looking at the automation of the incident response (IR) process through formal, systematic and standardized methods for the collection, normalization and correlation of security data (i.e. vulnerability, exploit and intrusion detection information).

Design/methodology/approach

The paper proposes the incident response intelligence system (IRIS) that models the context of discovered vulnerabilities, calculates their significance, finds and analyzes potential exploit code and defines the necessary intrusion detection signatures that combat possible attacks, using standardized techniques. It presents the IRIS architecture and operations, as well as the implementation issues.

Findings

The paper presents detailed evaluation results obtained from real-world application scenarios, including a survey of the users' experience, to highlight the contribution of IRIS in the area of IR.

Originality/value

The paper introduces the IRIS, a system that provides detailed security information during the entire lifecycle of a security incident, facilitates decision support through the provision of possible attack and response paths, while deciding on the significance and magnitude of an attack with a standardized method.

Citation

Patsos, D., Mitropoulos, S. and Douligeris, C. (2010), "Expanding topological vulnerability analysis to intrusion detection through the incident response intelligence system", Information Management & Computer Security, Vol. 18 No. 4, pp. 291-309. https://doi.org/10.1108/09685221011079207

Publisher: Emerald Group Publishing Limited

Copyright © 2010, Emerald Group Publishing Limited
