Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. IDPSs can be network or host-based and can collaborate in order to provide better detection of malicious traffic. Although several IDPS systems have been proposed, their appropriate configuration and control for effective detection/prevention of attacks and efficient resource consumption is still far from trivial. Another concern is related to the slowing down of system performance when maximum security is applied, hence the need to trade off between security enforcement levels and the performance and usability of an enterprise information system. In this dissertation, we present a security management framework for the configuration and control of the security enforcement mechanisms of an enterprise information system. The approach leverages the dynamic adaptation of security measures based on the assessment of system vulnerability and threat prediction, and provides several levels of attack containment. Furthermore, we study the impact of security enforcement levels on the performance and usability of an enterprise information system. In particular, we analyze the impact of an IDPS configuration on the resulting security of the network, and on the network performance. We also analyze the performance of the IDPS for different configurations and under different traffic characteristics. The analysis can then be used to predict the impact of a given security configuration on network performance.
Security Configuration Management in Intrusion Detection and Prevention Systems