Foundations for Intrusion Prevention

Thumbnail Image

Files

DIMVA2004-Rubin_et_al.pdf (464.47 KB)

Date

2004-07

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

Gesellschaft für Informatik

Abstract

We propose an infrastructure that helps a system administrator to identify a newly published vulnerability on the site hosts and to evaluate the vulnerability’s threat with respect to the administrator’s security priorities. The infrastructure foundation is the vulnerability semantics, a small set of attributes for vulnerability definition. We demonstrate that with a few attributes it is possible to define the majority of the known vulnerabilities in a way that (i) facilitates their accurate identification, and (ii) enables the administrator to rank the vulnerabilities found according to the organization’s security priorities. A large scale experiment demonstrates that our infrastructure can find significant vulnerabilities even in a site with a high security awareness.

Description

Table of contents

Keywords

Intrusion Prevention

Citation

Rubin, Shai; Alderman, Ian D.; Parter, David W.; Vernon, Mary K.: Foundations for Intrusion Prevention. In Flegel, U.; Meier, M. (Eds.): Proc. of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment, number P-46 in Lecture Notes in Informatics, pp. 143-160, Dortmund, Germany, July 2004, Köllen Verlag; ISBN 3-88579-365-X.

URI

http://hdl.handle.net/2003/22840
 http://dx.doi.org/10.17877/DE290R-14462

Collections

Papers