DMKB : A Defense Mechanism Knowledge Base
The major cause of internet incidents is vulnerabilities, which are usually exploited by human attackers or by worms. A database of vulnerabilities is therefore of great value: when a new vulnerability is found, its information can be added to the database. Contemporary vulnerability databases, although useful in practice for removing or avoiding vulnerabilities, are weak at describing countermeasures. This weakness stems from the absence of an analysis process covering both the semantics and the patterns of countermeasures. In this paper, we define countermeasures from the viewpoint of defense mechanisms and propose representation schemes for them. Semantically, defense mechanisms are classified into prevention, detection, recovery and tolerance. As patterns, they are expressed as the composition of an aim, a condition and an action. Based on these features, we implemented a knowledge base on defense mechanisms, DMKB. With DMKB, users can retrieve nearly the whole body of knowledge by keyword search under a GUI. DMKB can be used for automatic security testing and management of a given system.
Keywords: Defense Mechanism, Intrusion Detection, Security Policy, Intrusion Detection System, Knowledge Representation Scheme