Authors:
Jorge E. López de Vergara
1
;
Enrique Vázquez
2
and
Javier Guerra
2
Affiliations:
1
Escuela Politécnica Superior, Universidad Autónoma de Madrid, Spain
;
2
E.T.S.I. de Telecomunicación, Universidad Politécnica de Madrid, Spain
Keyword(s):
Attack reaction, policy instantiation, ontology, OrBAC, IDMEF, OWL, SWRL.
Related
Ontology
Subjects/Areas/Topics:
Access Control
;
Data Engineering
;
Databases and Data Security
;
Information and Systems Security
;
Insider Threats and Countermeasures
;
Internet Technology
;
Intrusion Detection & Prevention
;
Web Information Systems and Technologies
Abstract:
A quick and efficient reaction to an attack is important to address the evolution of security incidents in current communication networks. The ReD (Reaction after Detection) project’s aim is to design solutions that enhance the detection/reaction security process. This will improve the overall resilience of IP networks to attacks, helping telecommunication and service providers to maintain sufficient quality of service to comply with service level agreements. A main component within this project is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based methodology for the instantiation of these security policies. This approach provides a way to map alerts into attack contexts, which are later used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.