Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

IT-Incident Management & IT-Forensics - IMF 2006, Conference Proceedings, October 18th - 19th, 2006, Stuttgart. LNI P-97, pp. 92-103 (2006).



Oliver Göbel, Dirk Schadt, Sandra Frings, Hardo Hase, Detlef Günther, Jens Nedon (eds.)


Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software

Jochen Kaiser, Alexander Vitzthum, Peter Holleczek and Falco Dressler


Today, many end systems are infected with malicious software (malware). Often, infections last for a long time due to missing (automated) detection or insufficient user knowledge. Even large organizations usually do not have the security staff needed to handle all affected computers. Obviously, automated infections with malicious software cannot be handled by manual repair; new approaches are needed. One way to counter automatic mass infections is to semi-automate incident management: less important security incidents should be handled by the user himself, while serious incidents should be forwarded to qualified personnel. To enable end users to resolve their own security incidents, both organizational and technical information have to be provided in a comprehensible way. This paper describes PRISM (Portal for Reporting Incidents and Solution Management), which consists of several components addressing this goal: a unit receiving security incidents in the IDMEF format, a component containing the logic for handling security incidents and their corresponding remedies, and a component generating dynamic web pages that present adequate solutions for recorded security incidents. PRISM was verified using case studies for universities, companies and end-user/provider scenarios.


ISBN 978-3-88579-191-1
