Abstract
Cyber attacks have recently become so sophisticated that conventional countermeasures focused on preventing intrusion are becoming less effective. Recent countermeasures therefore concentrate on the post-intrusion phase, such as incident response. We previously proposed a system to support network administrators performing incident response. However, that system relies only on anomaly detection to detect signs of cyber attacks, so some signs may be overlooked. In addition, it produces a large number of unimportant detection reports, including many false positives, and it deals with detected malware one host at a time, which cannot cope with the varied situations that arise during an incident. As a solution, this paper proposes an incident response support system based on the seriousness of infection. The system combines several types of detection techniques, which raises the number of detection reports. To manage these reports, we define the Infection Suspicious Level (ISL), which represents the degree of suspicion that a malware infection has occurred. By assigning an ISL to every network segment, the system performs appropriate monitoring and analysis and takes countermeasures semi-automatically according to the ISL. The proposed system can raise the number of detection reports, mitigate the false positive problem, and provide several response strategies against attacks.
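The abstract describes the mechanism only at the architectural level: reports from several detectors are folded into a per-segment ISL, and the ISL selects monitoring, analysis or a countermeasure for the whole segment rather than for one host. The following is an added illustration of that idea, not the paper's own code or scoring rule. The detector weights, the corroboration bonus for a host flagged by more than one technique, the ISL thresholds and the sample reports are all assumptions made here to show how a segment-level score can keep a lone anomaly alert (a likely false positive) at the monitoring tier while escalating a segment with corroborated evidence.

```python
"""Illustrative per-segment ISL aggregation (added example; not the paper's method)."""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical per-detector weights. Anomaly detection is weighted lowest because
# the abstract notes it produces many false positives; the others are assumed.
DETECTOR_WEIGHTS = {
    "anomaly": 1.0,    # statistical anomaly on traffic
    "signature": 3.0,  # IDS signature match
    "honeypot": 2.0,   # contact with an internal honeypot
    "sandbox": 4.0,    # sandbox verdict on a captured sample
}

# Hypothetical ISL thresholds mapped to the three kinds of action the
# abstract lists: monitoring, analysis, and a (semi-automatic) countermeasure.
ISL_ACTIONS = (
    (8.0, "isolate_segment"),  # countermeasure: cut the segment off
    (3.0, "analyze"),          # deeper analysis of the flagged hosts
    (0.0, "monitor"),          # keep watching, no operator alert yet
)


@dataclass(frozen=True)
class Report:
    segment: str   # network segment the report concerns
    detector: str  # detection technique that produced the report
    host: str      # host inside the segment


def compute_isl(reports, segments):
    """Return {segment: ISL} for every known segment (0.0 when nothing was reported).

    ISL = sum of detector weights in the segment, plus a bonus for each host that
    independent techniques agree on. Both the formula and its constants are
    assumptions of this example.
    """
    by_segment = defaultdict(list)
    for r in reports:
        by_segment[r.segment].append(r)

    isl = {}
    for seg in segments:
        rs = by_segment.get(seg, [])
        score = sum(DETECTOR_WEIGHTS.get(r.detector, 1.0) for r in rs)
        detectors_per_host = defaultdict(set)
        for r in rs:
            detectors_per_host[r.host].add(r.detector)
        corroborated = sum(1 for d in detectors_per_host.values() if len(d) > 1)
        score += 2.0 * corroborated
        isl[seg] = score
    return isl


def action_for(isl_value):
    """Map an ISL to the response tier for the whole segment."""
    for threshold, action in ISL_ACTIONS:
        if isl_value > threshold or (threshold == 0.0 and isl_value > 0.0):
            return action
    return "normal"


def plan_responses(reports, segments):
    """Return {segment: (ISL, action)} so the operator sees one decision per segment."""
    isl = compute_isl(reports, segments)
    return {seg: (value, action_for(value)) for seg, value in isl.items()}


# Constructed sample reports; three segments, one of them silent.
SAMPLE_REPORTS = [
    Report("dmz", "anomaly", "10.0.1.5"),        # lone anomaly: likely noise
    Report("office", "anomaly", "10.0.2.7"),
    Report("office", "signature", "10.0.2.7"),   # same host, second technique
    Report("office", "sandbox", "10.0.2.9"),     # sandbox verdict on another host
    Report("lab", "signature", "10.0.3.2"),
]
SAMPLE_SEGMENTS = ["dmz", "office", "lab", "servers"]

if __name__ == "__main__":
    for seg, (value, action) in plan_responses(SAMPLE_REPORTS, SAMPLE_SEGMENTS).items():
        print(f"{seg:8s} ISL={value:4.1f} -> {action}")
```

In this toy, the single anomaly report in `dmz` stays at "monitor", the corroborated evidence in `office` reaches the countermeasure tier, and the silent `servers` segment is explicitly "normal"; the point is that the decision unit is the segment, not each detected host in turn.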