
ECBS
2007
IEEE

An Event-Driven Architecture for Fine Grained Intrusion Detection and Attack Aftermath Mitigation

In today's computing environment, unauthorized access to and misuse of critical data can be catastrophic to personal users, businesses, emergency services, and even national defense and security. To protect computers from the ever-increasing threat of intrusion, we propose an event-driven architecture that provides fine-grained intrusion detection and decision support capability. Within this architecture, an incoming event is scrutinized by Subject-Verb-Object (SVO) multipoint monitors. Deviations from normal behavior detected by the SVO monitors trigger different alarms, which are sent to subsequent fusion and verification modules to reduce the false positive rate. The system then performs impact analysis by studying real-time system metrics collected through the Windows Management Instrumentation interface. We add to the system the capability to assist the administrator in taking effective actions to mitigate the aftermath of an intrusion.
Added: 18 Oct 2010
Updated: 18 Oct 2010
Type: Conference
Year: 2007
Where: ECBS
Authors: Jianfeng Peng, Chuan Feng, Haiyan Qiao, Jerzy W. Rozenblit