Study on the Architecture of Computer Emergency Response System

doi:10.7523/j.issn.2095-6134.2004.2.009

Abstract

Abstract:

Emergency Response is regarded as the key problem of dynamic security of computer and network systems.In this paper, we propose the architecture of Computer Emergency Response System based on hierarchicalmodel, including security service layer, system module layer and security research layer. Explicit definitions offunctional requirements, module partitions and corresponding technical supports of this architecture are given. Severalconcerned items, such as Incident Response, Security Surveillance, Intrusion Traceback, Disaster Recovery,and other relevant security services (Security Consultation, Security Bulletin and Security Analysis),are also discussedin detail.

Key words: emergency response, computer emergency response team (CERT), architecture

CLC Number:

TP393.08

LIAN Yi-Feng, DAI Ying-Xia. Study on the Architecture of Computer Emergency Response System[J]. , 2004, 21(2): 202-209.

References

[1] Nat ional Security Agency Informat ion Assurance Solut ions Technical Directors.Informat ion Assurance Technical Framework.http: www.iatf.net.2000

[2] 戴英侠, 连一峰, 王航.系统安全与入侵检测.北京: 清华大学出版社, 2002

[3] 单国栋, 戴英侠, 王航.计算机漏洞分类研究.计算机工程, 2002, 28(10)

[4] M Hsueh, T Tsai, R K Iyer.Fault inject ion techniques and tools.Computer, 1997, 30(4) :75 82

[5] D Wagner, J S Fost er, E A Brew er, A Aiken.A f irst st ep towards automat ed detection of buffer overrun vulnerabilities.In: Proceedings of 7thNetwork and Distribut ed Syst em Security Symposium.2000

[6] C Kahn, P A Porras, S St aniford-Chen, B Tung.A common intrusion det ection framework.(Submitted to Journal of Comput er Security) 1998

[7] Intrusion Det ection Working Group.Intrusion detect ionmessage exchange format dat a model and extensible markup language (XML) document typedefinition.http:www.ietf.orgint erne-t draftsdraf-t iet-f idwg-idme-f xm-l 10.txt.2003

[8] Intrusion Det ection Working Group.The intrusion detect ion exchange protocol (IDXP).http: www.ietf.orginterne-t drafts draf-t iet-f idwg-beepidxp-04.txt.2002

[9] Denning D.An int rusion detection model.IEEE transaction on S of tware Engineering, 1987, 13(2) : 222 232

[10] Wenke Lee.A Data Mining Framework for Constructing Features and Models for Intrusion Det ection Systems: [PhD Dissert ation].Columbia Un-iversit y, 1999

[11] Anup K Ghosh, Aaron Schwartzbard, Michael Schat z.Learning program behavior profiles for int rusion det ection.In: Proceedings of the 1st USENIXWorkshop on Intrusion Det ection and Network Monitoring.Sant a Clara, California, 1999

[12] S A Hofmeyr, S Forrest, A Somayaji.Intrusion detect ion using sequences of system cal ls.Journal of Computer Security, 1998, 6: 151 180

[13] Me L.Genet ic algorithms, a biologically inspired approach for security audit trails analysis, short paper, present ed at the 1996 IEEE Symposium onSecurity and Privacy.Oakland, CA, 1996

[14] Rebecca Gurley Bace.Intrusion Detect ion.U S A: Macmillan Technical Publishing, 1999

[15] Sushil Jajodia, Peng Liu, Paul Ammann.A fault tol erance approach to survivability.Symposium on Prot ecting NATO Informat ion Systems in the21st Century.Washington D C, 1999