Distributed Architecture for Automatic Intrusion Response in an Ontology-Based IRS
Abstract
This paper proposes a distributed, secure and scalable architecture for the automatic execution of intrusion responses, to be integrated into an ontology-based AIRS. The proposed architecture consists of six components: Intrusion Detection Systems, AIRS Reasoner, central execution module, communication module, execution agents and the security components. The execution agent is plugin-based, which allows easy deployment of new response actions that interact with other security components. To validate the proposed architecture, a test network was deployed with VNX (Virtual Network over linuX), in which different attacks originating from inside and outside the organization's network were executed, obtaining satisfactory results.
Abstract: This paper proposes a distributed, secure and scalable architecture to implement response actions that will be integrated into an ontology-based AIRS. The proposed architecture involves six components: Intrusion Detection Systems, AIRS Reasoner, Execution Central Module, Communication Module, Execution Agents and the Security Components. The Execution Agent is based on plugins, so it allows easy deployment of new response actions that interact with other Security Components. To validate the proposed architecture we have deployed a test network using the Virtual Network over linuX (VNX) tool. We run different attacks originating from inside and outside the organization's network, obtaining satisfactory results.