Collaborative incident handling based on the blackboard-pattern

WISCS 2016 - Proceedings of the 2016 ACM Workshop on Information Sharing and Collaborative Security, co-located with CCS 2016

Volumn , Issue , 2016, Pages 25-34

  Herold, Nadine ^a   Kinkelin, Holger ^a   Carle, Georg ^a  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

Author keywords

Blackboard pattern; Collaborative knowledge sharing; Incident handling

Indexed keywords

COMPLEX NETWORKS; INFORMATION ANALYSIS; INFORMATION DISSEMINATION; INTRUSION DETECTION; MATERIALS HANDLING; MATERIALS HANDLING EQUIPMENT; MERCURY (METAL);

BLACKBOARD PATTERN; COLLABORATIVE INTERACTION; COLLABORATIVE KNOWLEDGE; COMPLEX PROCESSES; INCIDENT HANDLING; INFORMATION MODELING; INTRUSION RESPONSE; SERVICE CONTINUITY;

NETWORK SECURITY;

EID: 84999018255     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2994539.2994545     Document Type: Conference Paper

References (29)

1. F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, and M. Stal. Pattern-oriented software architecture, Volume 1: A system of patterns. Wiley, 1996.
2. M. Dass, J. Cannady, and W. D. Potter. A blackboard-based learning intrusion detection system: a new approach. In Developments in Applied Artificial Intelligence, 2003.
3. M. Dass, J. Cannady, and W. D. Potter. Lids: A learning intrusion detection system. In FLAIRS Conference, 2003.
4. B. T. Dave and S. Jimit Mahadevia. Application profiling based on attack alert aggregation. Global Journal of Computer Science and Technology, 2014.
5. H. Debar, D. Curry, and B. Feinstein. The Intrusion Detection Message Exchange Format (IDMEF). Technical report, Internet Requests for Comments, 2007.
6. H. Elshoush. An innovative framework for collaborative intrusion alert correlation. In Science and Information Conference (SAI), 2014.
7. M. Ficco and L. Romano. A generic intrusion detection and diagnoser system based on complex event processing. In 1st International Conference on Data Compression, Communications and Processing (CCP), 2011.
8. S. Kaisler. Software Paradigms. Wiley, 2005.
9. W. Kanoun, N. Cuppens-Boulahia, F. Cuppens, S. Dubus, and A. Martin. Intelligent response system to mitigate the success likelihood of ongoing attacks. In 6th International Conference on Information Assurance and Security (IAS), 2010.
10. P. Lalanda. Two complementary patterns to build multi-expert systems. In Pattern Languages of Programs, 1997.
11. F. Manganiello, M. Marchetti, and M. Colajanni. Multistep attack detection and alert correlation in intrusion detection systems. In Information Security and Assurance, 2011.
12. P. Miller and A. Inoue. Collaborative intrusion detection system. In 22nd International Conference of the North American Fuzzy Information Processing Society (NAFIPS), 2003.
13. S. Mitropoulos, D. Patsos, and C. Douligeris. On incident handling and response: A state-of-The-Art approach. Computers & Security, 2006.
14. L. Obrst, P. Chase, and R. Markelo. Developing an ontology of the cyber security domain. In 7th International Conference on Semantic Technologies for Intelligence, Defense, and Security (STIDS), 2012.
15. J. L. Ortega-Arjona and E. B. Fernandez. The secure blackboard pattern. In Proceedings of the 15th Conference on Pattern Languages of Programs, 2008.
16. S. Ossenbühl, J. Steinberger, and H. Baier. Towards automated incident handling: How to select an appropriate response against a network-based attack? In 9th International Conference on IT Security Incident Management IT Forensics (IMF), 2015.
17. D. Ragsdale, C. Carver, J. Humphries, and U. Pooch. Adaptation techniques for intrusion detection and intrusion response systems. In IEEE International Conference on Systems, Man, and Cybernetics, 2000.
18. A. Sadighian, J. Fernandez, A. Lemay, and S. Zargar. Ontids: A highly exible context-Aware and ontology-based alert correlation framework. In Foundations and Practice of Security, 2014.
19. D. Schnackenberg, K. Djahandari, and D. Sterne. Infrastructure for intrusion detection and response. In DARPA Information Survivability Conference and Exposition (DISCEX), 2000.
20. R. Shittu, A. Healing, R. Ghanea-Hercock, R. Bloomfield, and R. Muttukrishnan. Outmet: A new metric for prioritising intrusion alerts using correlation and outlier analysis. In IEEE 39th Conference on Local Computer Networks (LCN), 2014.
21. O. Silva, A. Garcia, and C. Lucena. The reective blackboard pattern: Architecting large multi-Agent systems. In Software Engineering for Large-Scale Multi-Agent Systems, 2003.
22. J. Undercoer, A. Joshi, and J. Pinkston. Modeling computer attacks: An ontology for intrusion detection. In Recent Advances in Intrusion Detection, 2003.
23. F. Valeur, G. Vigna, C. Kruegel, and R. Kemmerer. Comprehensive approach to intrusion detection alert correlation. IEEE Transactions on Dependable and Secure Computing, 2004.
24. R. van Heerden, L. Leenen, and B. Irwin. Automated classification of computer network attacks. In International Conference on Adaptive Science and Technology (ICAST), 2013.
25. M. Wachs, N. Herold, S.-A. Posselt, F. Dold, and G. Carle. Gplmt: A lightweight experimentation and testbed management framework. In 17th International Conference on Passive and Active Measurement (PAM), 2016.
26. S. Yongyong. Decision algorithm for multi-Agent intelligent decision support system based on blackboard. Information Technology Journal, 2013.
27. Z. Zhang, P.-H. Ho, and L. He. Measuring ids-estimated attack impacts for rational incident response: A decision theoretic approach. Computers & Security, 2009.
28. B. Zhu and A. A. Ghorbani. Alert correlation for extracting attack strategies. International Journal of Network Security, 2006.
29. S. Zonouz, H. Khurana, W. Sanders, and T. Yardley. Rre: A game-Theoretic intrusion response and recovery engine. IEEE Transactions on Parallel and Distributed Systems, 2014.