
Article information

  • Title: Contextual Security with IF-MAP
  • Authors: Abdelmajid Lakbabi; Ghizlane Orhanou; Said El Hajji
  • Journal: International Journal of Security and Its Applications
  • Print ISSN: 1738-9976
  • Year of publication: 2014
  • Volume: 8
  • Issue: 5
  • Pages: 427-438
  • DOI: 10.14257/ijsia.2014.8.5.37
  • Publisher: SERSC
  • Abstract: Multi-context attacks are a serious challenge to the security detection process. Actually, each security solution produces a considerable number of security events, heterogeneous and difficult to correlate. Sensors usually work independently, making it hard to extract security information related to multi-step attacks. Therefore, a correlation and sharing mechanism becomes the key to dealing with such challenging IT security threats. This paper provides an analysis of the current security state and proposes our security architecture based on local and global contextual protections that share security events in a real-time IF-MAP approach in response to malicious activities. For the implementation phase, we used the open-source Omapd as a MAPS central data repository, and Apache web server and iptables as MAPC clients, with a view to providing real-time containment when attacks are detected.
  • Keywords: IF-MAP; Security Context; SIEM; Firewall; correlation; Threat