Search Results

Documents authored by Debar, Hervé


Document
Network Attack Detection and Defense Early Warning Systems - Challenges and Perspectives (Dagstuhl Seminar 12061)

Authors: Georg Carle, Hervé Debar, Falko Dressler, and Hartmut König

Published in: Dagstuhl Reports, Volume 2, Issue 2 (2012)


Abstract
The increasing dependence of human society on information technology (IT) systems requires appropriate measures to cope with their misuse. The growing potential of threats, which make these systems more and more vulnerable, is caused by the complexity of the technologies themselves. The potential of threats in networked systems will further grow as well as the number of individuals who are able to abuse these systems. It becomes increasingly apparent that IT security cannot be achieved by prevention alone. Preventive measures and reactive aspects need to complement one another. A major challenge of modern IT security technologies is to cope with an exploding variability of attacks which stems from a significant commercial motivation behind them. Increasingly proactive measures are required to ward off these threats. Increased efforts in research and society are required to protect critical civil infrastructures, such as the health care system, the traffic system, power supply, trade, military networks, and others in developed countries. This is a consequence of the increasing shift of industrial IT systems to the IP protocol leading to sensible IT infrastructures which are more vulnerable as the proprietary systems used in the past. The abundance of services of modern infrastructures critically depends on information and communication technologies. Though, being key enablers of critical infrastructures, these technologies are, at the same time, reckoned among the most vulnerable elements of the whole system. The cooperative information exchange between institutions is mandatory in order to detect distributed and coordinated attacks. Based on a large-scale acquisition of pertinent information, Early Warning Systems are a currently pursued approach to draw up situation pictures that allows the detection of trends and upcoming threats, allowing furthermore taking appropriate measures. The Dagstuhl seminar brought together researchers from academia and industry. The objective of the seminar was to further discuss challenges and methods in the area of attack detection and defense. The seminar was supposed to focus on design aspects of early warning systems and related monitoring infrastructures, e.g., intrusion detection overlays, to protect computer systems, networks, and critical infrastructures. The seminar was jointly organized by Georg Carle, Hervé Debar, Hartmut König, and Jelena Mirkovic. It was attended by 34 participants from nine countries.

Cite as

Georg Carle, Hervé Debar, Falko Dressler, and Hartmut König. Network Attack Detection and Defense Early Warning Systems - Challenges and Perspectives (Dagstuhl Seminar 12061). In Dagstuhl Reports, Volume 2, Issue 2, pp. 1-20, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2012)


Copy BibTex To Clipboard

@Article{carle_et_al:DagRep.2.2.1,
  author =	{Carle, Georg and Debar, Herv\'{e} and Dressler, Falko and K\"{o}nig, Hartmut},
  title =	{{Network Attack Detection and Defense Early Warning Systems - Challenges and Perspectives (Dagstuhl Seminar 12061)}},
  pages =	{1--20},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2012},
  volume =	{2},
  number =	{2},
  editor =	{Carle, Georg and Debar, Herv\'{e} and Dressler, Falko and K\"{o}nig, Hartmut},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagRep.2.2.1},
  URN =		{urn:nbn:de:0030-drops-34761},
  doi =		{10.4230/DagRep.2.2.1},
  annote =	{Keywords: early warning systems, critical infrastructure protection, botnets, intrusion detection, malware assessment, vulnerability analysis, network monitoring, flow analysis, denial-of-service detection and response, event correlation, attack response and countermeasures}
}
Document
3. 08102 Outcome Working Group – Situational Awareness

Authors: Richard A. Kemmerer, Roland Bueschkes, Ali Fessi, Hartmut Koenig, Peter Herrmann, Stephen Wolthusen, Marko Jahnke, Hervé Debar, Ralph Holz, Tanja Zseby, and Dirk Haage

Published in: Dagstuhl Seminar Proceedings, Volume 8102, Perspectives Workshop: Network Attack Detection and Defense (2008)


Abstract
Situation awareness (SA) has been defined as "the perception of elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future" (Endsley, 1988, 1995b, 2000).

Cite as

Richard A. Kemmerer, Roland Bueschkes, Ali Fessi, Hartmut Koenig, Peter Herrmann, Stephen Wolthusen, Marko Jahnke, Hervé Debar, Ralph Holz, Tanja Zseby, and Dirk Haage. 3. 08102 Outcome Working Group – Situational Awareness. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-3, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)


Copy BibTex To Clipboard

@InProceedings{kemmerer_et_al:DagSemProc.08102.3,
  author =	{Kemmerer, Richard A. and Bueschkes, Roland and Fessi, Ali and Koenig, Hartmut and Herrmann, Peter and Wolthusen, Stephen and Jahnke, Marko and Debar, Herv\'{e} and Holz, Ralph and Zseby, Tanja and Haage, Dirk},
  title =	{{3. 08102 Outcome Working Group – Situational Awareness}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--3},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.3},
  URN =		{urn:nbn:de:0030-drops-14942},
  doi =		{10.4230/DagSemProc.08102.3},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Document
4. 8102 Working Group – Attack Taxonomy

Authors: Marc Daciér, Hervé Debar, Thorsten Holz, Engin Kirda, Jan Kohlrausch, Christopher Kruegel, Konrad Rieck, and James Sterbenz

Published in: Dagstuhl Seminar Proceedings, Volume 8102, Perspectives Workshop: Network Attack Detection and Defense (2008)


Abstract
The starting point of this working group was the question about the kinds of attacks that can be detected by inspecting in network traffic. In general, we identified four major problems that network-based intrusion detection systems are facing: 1. Encrypted network traffic 2. Application-level attacks 3. Performance 4. Evasion attack.

Cite as

Marc Daciér, Hervé Debar, Thorsten Holz, Engin Kirda, Jan Kohlrausch, Christopher Kruegel, Konrad Rieck, and James Sterbenz. 4. 8102 Working Group – Attack Taxonomy. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)


Copy BibTex To Clipboard

@InProceedings{dacier_et_al:DagSemProc.08102.4,
  author =	{Daci\'{e}r, Marc and Debar, Herv\'{e} and Holz, Thorsten and Kirda, Engin and Kohlrausch, Jan and Kruegel, Christopher and Rieck, Konrad and Sterbenz, James},
  title =	{{4. 8102 Working Group – Attack Taxonomy}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--4},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.4},
  URN =		{urn:nbn:de:0030-drops-14955},
  doi =		{10.4230/DagSemProc.08102.4},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail