원문정보
초록
영어
The multi-context attacks are serious challenges to security detection process. Actually, each security solution produces a considerable number of security events, heterogeneous and difficult to correlate. Sensors usually work independently making hard to extract security information related to a multi-step attacks. Therefore, correlation and sharing mechanism becomes the key to deal with such challenging IT security threats. This paper provides an analysis of the current security state and proposes our security architecture based on local and global contextual protections that share security events in a real time IF-MAP approach in response to malicious activities. As to implementation phase we used opensource Omapd as a MAPS central data repository, apache web server and iptables as MAPC clients in perspective to provide real time containment when attacks are detected.
목차
1. Introduction
2. New Security-Context Architecture
2.1. Local Security Context
2.2. Global Security Context (correlated context)
2.3. IF-MAP - The New Security Exchange Mechanism
3. IF-MAP security collaboration protocol
3.1. IF-MAP Components
3.2. IF-MAP Features for Security
3.3. IF-MAP mechanism and operations
4. Implementation and Use Case
5. Conclusion
Reference