Collaborative incident handling based on the blackboard-pattern

Nadine Herold, Holger Kinkelin, Georg Carle

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Defending computer networks from ongoing security incidents is a key requirement to ensure service continuity. Handling incidents in real-time is a complex process consisting of the three single steps: intrusion detection, alert processing and intrusion response. For useful and automated incident handling a comprehensive view on the process and tightly interleaved single steps are required. Existing solutions for incident handling merely focus on a single step leaving the other steps completely aside. Incompatible and encapsulated partial solutions are the consequence. This paper proposes an incident handling system (IHS) based on a novel execution model that allows interleaving and collaborative interaction between the incident handling steps realized using the Blackboard Pattern. Our holistic information model lays the foundation for a conflict-free collaboration. The incident handling steps are further segmented into exchangeable functional blocks distributed across the network. To show the applicability of our approach, typical use cases for incident handling systems are identified and tested with our implementation.

Original language: English
Title of host publication: WISCS 2016 - Proceedings of the 2016 ACM Workshop on Information Sharing and Collaborative Security, co-located with CCS 2016
Publisher: Association for Computing Machinery, Inc
Pages: 25-34
Number of pages: 10
ISBN (Electronic): 9781450345651
State: Published - 24 Oct 2016
Event: 3rd ACM Workshop on Information Sharing and Collaborative Security, WISCS 2016 - Vienna, Austria
Duration: 24 Oct 2016 → …

Publication series

Name: WISCS 2016 - Proceedings of the 2016 ACM Workshop on Information Sharing and Collaborative Security, co-located with CCS 2016

Conference

Conference: 3rd ACM Workshop on Information Sharing and Collaborative Security, WISCS 2016
Country/Territory: Austria
City: Vienna
Period: 24/10/16 → …

Keywords

  • Blackboard pattern
  • Collaborative knowledge sharing
  • Incident handling
