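% Workshop paper (WISCS 2016, co-located with CCS 2016) on collaborative
% incident handling: intrusion detection, alert processing and intrusion
% response are coupled through a shared blackboard instead of being built
% as isolated partial solutions.
% Record notes: values are brace-delimited and authors are in "Last, First"
% form so name parsing is unambiguous. The abstract's lost "fl" ligature is
% restored ("conflict-free"). No series field is given, because the portal
% export only repeated booktitle verbatim there, which prints the venue twice
% under styles that render series. The day field is not a standard BibTeX
% field and is ignored by classic styles; it is kept as exported.
@inproceedings{83f1a6ebb8d843eeba6999a69e8bd617,
  author    = {Herold, Nadine and Kinkelin, Holger and Carle, Georg},
  title     = {Collaborative incident handling based on the blackboard-pattern},
  booktitle = {{WISCS} 2016 - Proceedings of the 2016 {ACM} Workshop on Information Sharing and Collaborative Security, co-located with {CCS} 2016},
  publisher = {Association for Computing Machinery, Inc},
  pages     = {25--34},
  year      = {2016},
  month     = oct,
  day       = {24},
  doi       = {10.1145/2994539.2994545},
  language  = {English},
  keywords  = {Blackboard pattern, Collaborative knowledge sharing, Incident handling},
  abstract  = {Defending computer networks from ongoing security incidents is a key requirement to ensure service continuity. Handling incidents in real-time is a complex process consisting of the three single steps: intrusion detection, alert processing and intrusion response. For useful and automated incident handling a comprehensive view on the process and tightly interleaved single steps are required. Existing solutions for incident handling merely focus on a single step leaving the other steps completely aside. Incompatible and encapsulated partial solutions are the consequence. This paper proposes an incident handling systems (IHS) based on a novel execution model that allows interleaving and collaborative interaction between the incident handling steps realized using the Blackboard Pattern. Our holistic information model lays the foundation for a conflict-free collaboration. The incident handling steps are further segmented into exchangeable functional blocks distributed across the network. To show the applicability of our approach, typical use cases for incident handling systems are identified and tested with our implementation.},
  note      = {Publisher Copyright: {\textcopyright} 2016 ACM.; 3rd ACM Workshop on Information Sharing and Collaborative Security, WISCS 2016 ; Conference date: 24-10-2016},
}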