Architecture overview (diagram labels as drawn; "(ra)" marks a component written with a reflective architecture; the "???" and "?" are the author's own open questions):

Inputs: raw packets, xml, Machine config
Snort+ CASE Library and ID CBR metadata feed ID CBR 1.0 (ra)
ID CBR 1.0 (ra) -> alert -> IDV AI? 2.0 -> denial -> Modify parameters of metadata 3.0 (Learning)
IDV AI? 2.0 -> rejections?? -> Modify ??? 8.0 (Learning)
Machine config -> vulnerability -> V CBR++ 4.0 (ra), evaluated against the Vulnerability CaseLibrary
V CBR++ 4.0 (ra) -> potential problem -> Fix Vulnerability 5.0 (ra) -> patch -> Retrieve Patch 7.0 -> patch -> Install and Restart 6.0 -> patch -> Machine
Retrieve Patch 7.0 -> broker -> ??? Virtual disparate distributed DB of patches (Language needed?)
ID CBR region (labels: Snort+ CASE Library, ID CBR metadata, raw packets, xml, ID CBR 1.0 (ra), IDV AI? 2.0, alert, vulnerability, denial, Modify parameters of metadata 3.0)

1.0 The raw packets enter the CBR and are evaluated against the Snort case library and the ID metadata.
2.0 The alerts are evaluated against known vulnerabilities; alerts that cannot apply are denied, which filters out false alerts.
3.0 The ID CBR metadata is updated with the learned denial information.

Learning
1.0 Written with a reflective architecture and metadata regarding cases.
2.0 Currently under research: how to evaluate vulnerabilities to obtain denials.
3.0 Need to think about meta-meta reflection here to update the ID CBR; this might be reusable elsewhere.
Vulnerability CBR region (labels: Machine config, Vulnerability CaseLibrary, V CBR++ 4.0 (ra), IDV AI? 2.0, vulnerability, rejections??, Modify ??? 8.0, Learning, potential problem)

2.0 The alerts are evaluated against known vulnerabilities and alerts that cannot apply are denied, filtering out false alerts; rejections of false vulnerabilities are also identified here.
4.0 The vulnerabilities identified from the machine configuration enter and are evaluated against the vulnerability case library (or perhaps this is a database rather than cases). There may need to be a meta definition of these vulnerabilities; not sure here.
8.0 The rejections from the AI 2.0 are evaluated and the information is used to modify the vulnerability case (or database). This lets the system learn not to keep false vulnerabilities.

Learning
2.0 Currently under research: how to evaluate vulnerabilities to obtain denials, and how to evaluate alerts to generate rejections.
4.0 Written in reflective architectures using vulnerability casebase or database metadata.
8.0 May be able to reuse the meta-meta architecture from 3.0; currently under research.
Patch broker region (labels: ??? Virtual disparate distributed DB of patches, Fix Vulnerability 5.0 (ra), Install and Restart 6.0, Retrieve Patch 7.0, patch, potential problem, Machine, broker, Language needed?)

5.0 Receives the potential problem, a vulnerability that needs repairing, and retrieves the needed patch through the patch broker.
6.0 The patch is received and installed on the machine; there may be a need to restart the machine.
7.0 Here the process brokers with the vendors, or perhaps a disparate database, to obtain the needed fix for the potential problem. This is a negotiating program acting as a broker; it may require an ebXML extension.

Learning
2.0 Currently under research; should use a reflective architecture.
6.0 Requires some metadata about the machine.
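The loop the three regions describe (steps 1.0 through 8.0), simulated end to end in Python as an added example. This is not code from the slides, and the author's CBR and reflective-architecture implementation is not available, so everything below is constructed: the Snort-style cases, the vulnerability case library, the machine configs, the sample packets and the patch sources. The reading of "rejection" as "a vulnerability that has been fixed no longer applies to that host, so later alerts for it are denied" is an assumption about step 8.0, not something the slides state.

```python
from dataclasses import dataclass, field

# Constructed Snort-style cases: a payload fragment and the vulnerability it
# indicates (illustrative content, not real Snort rules).
SNORT_CASES = [
    {"id": "CASE-1", "content": b"/winnt/system32/cmd.exe", "vuln": "iis-cmd-traversal"},
    {"id": "CASE-2", "content": b"/cgi-bin/phf?", "vuln": "phf-cgi-injection"},
]

# Constructed vulnerability case library: the platform each vulnerability
# applies to and the patch that fixes it.
VULN_CASES = {
    "iis-cmd-traversal": {"platform": "iis", "patch": "PATCH-IIS-1"},
    "phf-cgi-injection": {"platform": "apache", "patch": "PATCH-PHF-1"},
}

# Constructed stand-in for the disparate distributed DB of patches behind the
# broker (7.0): each source knows a different subset of patches.
PATCH_SOURCES = [
    {"source": "vendor-A", "patches": {"PATCH-IIS-1": {"restart": True}}},
    {"source": "mirror-B", "patches": {"PATCH-PHF-1": {"restart": False}}},
]


@dataclass
class Pipeline:
    machines: dict                                   # machine config (input to 4.0)
    denials: dict = field(default_factory=dict)      # ID CBR metadata learned in 3.0
    rejections: dict = field(default_factory=dict)   # vulnerability DB changes made in 8.0

    def match_cases(self, host, payload):
        """1.0: raw packet against the Snort case library -> zero or more alerts."""
        return [{"case": c["id"], "vuln": c["vuln"], "host": host}
                for c in SNORT_CASES if c["content"] in payload]

    def potential_vulns(self, host):
        """4.0: vulnerabilities the machine config admits, minus rejected ones."""
        platform = self.machines[host]["platform"]
        return {v for v, c in VULN_CASES.items()
                if c["platform"] == platform and host not in self.rejections.get(v, set())}

    def evaluate_alert(self, alert):
        """2.0: deny alerts whose vulnerability cannot apply to the target host."""
        host = alert["host"]
        if alert["vuln"] in self.potential_vulns(host):
            return "confirmed"
        key = (alert["case"], self.machines[host]["platform"])
        self.denials[key] = self.denials.get(key, 0) + 1   # 3.0: learn the denial
        return "denied"

    def retrieve_patch(self, patch_id):
        """7.0: broker across the patch sources for the first one holding the patch."""
        for src in PATCH_SOURCES:
            if patch_id in src["patches"]:
                return src["source"], src["patches"][patch_id]
        return None, None

    def fix_vulnerability(self, alert):
        """5.0/6.0/8.0: retrieve and install the patch, then reject the vulnerability
        for this host so later alerts for it are denied instead of re-patched."""
        vuln, host = alert["vuln"], alert["host"]
        patch_id = VULN_CASES[vuln]["patch"]
        source, info = self.retrieve_patch(patch_id)
        if source is None:
            return {"patch": patch_id, "installed": False, "restart": False}
        self.machines[host]["installed"].add(patch_id)             # 6.0
        self.rejections.setdefault(vuln, set()).add(host)           # 8.0 (assumed semantics)
        return {"patch": patch_id, "source": source, "installed": True,
                "restart": info["restart"]}

    def process(self, packets):
        """Run every (host, payload) pair through 1.0 -> 2.0 -> (5.0..8.0)."""
        results = []
        for host, payload in packets:
            for alert in self.match_cases(host, payload):
                entry = {"host": host, "case": alert["case"],
                         "verdict": self.evaluate_alert(alert)}
                if entry["verdict"] == "confirmed":
                    entry["fix"] = self.fix_vulnerability(alert)
                results.append(entry)
        return results


# Constructed traffic: the same IIS-style probe sent to an Apache host (false
# alert), then twice to an IIS host (real, then already patched), plus noise.
SAMPLE_PACKETS = [
    ("10.0.0.5", b"GET /scripts/../winnt/system32/cmd.exe?/c+dir HTTP/1.0"),
    ("10.0.0.9", b"GET /scripts/../winnt/system32/cmd.exe?/c+dir HTTP/1.0"),
    ("10.0.0.9", b"GET /scripts/../winnt/system32/cmd.exe?/c+dir HTTP/1.0"),
    ("10.0.0.5", b"GET /index.html HTTP/1.0"),
]


def run_demo():
    """Fresh pipeline over SAMPLE_PACKETS; returns (pipeline, results)."""
    pipeline = Pipeline(machines={
        "10.0.0.5": {"platform": "apache", "installed": set()},
        "10.0.0.9": {"platform": "iis", "installed": set()},
    })
    return pipeline, pipeline.process(SAMPLE_PACKETS)


if __name__ == "__main__":
    p, results = run_demo()
    for r in results:
        print(r)
    print("learned denials:", p.denials)
    print("rejected vulnerabilities:", p.rejections)
```

The first probe is denied because the machine config says the target runs Apache, and that denial is recorded in the ID CBR metadata (3.0) keyed by case and platform; the second is confirmed, brokered to vendor-A, installed with a restart flagged (6.0), and the vulnerability is rejected for that host (8.0); the third probe, identical to the second, is then denied rather than re-patched. What the real system would do differently is in the parts the slides leave open: how 2.0 derives denials and rejections, and what the broker negotiates with vendors.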