Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software
dc.contributor.author | Kaiser, Jochen | |
dc.contributor.author | Vitzthum, Alexander | |
dc.contributor.author | Holleczek, Peter | |
dc.contributor.author | Dressler, Falko | |
dc.contributor.editor | Göbel, Oliver | |
dc.contributor.editor | Schadt, Dirk | |
dc.contributor.editor | Frings, Sandra | |
dc.contributor.editor | Hase, Hardo | |
dc.contributor.editor | Günther, Detlef | |
dc.contributor.editor | Nedon, Jens | |
dc.date.accessioned | 2019-06-04T08:24:21Z | |
dc.date.available | 2019-06-04T08:24:21Z | |
dc.date.issued | 2006 | |
dc.description.abstract | Today, many end systems are infected with malicious software (malware). Often, infections will last for a long time due to missing (automated) detection or insufficient user knowledge. Even large organizations usually do not have the necessary security staff to handle all affected computers. Obviously, automated infections with malicious software cannot be handled by manual repair; new approaches are needed. One way to counter automatic mass infections is to semi-automate the incident management. Less important security incidents should be handled by the user himself while serious incidents should be forwarded to qualified personnel. To enable the end user to resolve his own security incidents, both organizational and technical information have to be provided in a comprehensible way. This paper describes PRISM (Portal for Reporting Incidents and Solution Management), which consists of several components addressing the goal: a unit receiving security incidents in the IDMEF format, a component containing the logic for handling security incidents and corresponding remedies, and a component generating dynamic web pages presenting adequate solutions for recorded security incidents. PRISM was verified using case studies for universities, companies and end-user/provider scenarios. | en |
dc.identifier.isbn | 978-3-88579-191-1 | |
dc.identifier.pissn | 1617-5468 | |
dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/23464 | |
dc.language.iso | en | |
dc.publisher | Gesellschaft für Informatik e. V. | |
dc.relation.ispartof | IT-Incident Management & IT-Forensics - IMF 2006 | |
dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-97 | |
dc.subject | Incident Management | |
dc.subject | Malicious Software | |
dc.subject | Massive infections | |
dc.title | Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software | en |
dc.type | Text/Conference Paper | |
gi.citation.endPage | 103 | |
gi.citation.publisherPlace | Bonn | |
gi.citation.startPage | 92 | |
gi.conference.date | October, 18th - 19th, 2006 | |
gi.conference.location | Stuttgart | |
gi.conference.sessiontitle | Regular Research Papers |