Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense
against a variety of attacks that can compromise the security and proper functioning
of an enterprise information system. IDPSs can be network or host-based and can collaborate
in order to provide better detection of malicious traffic. Although several IDPS
systems have been proposed, their appropriate con figuration and control for e effective detection/
prevention of attacks and efficient resource consumption is still far from trivial.
Another concern is related to the slowing down of system performance when maximum
security is applied, hence the need to trade o between security enforcement levels and the
performance and usability of an enterprise information system.
In this dissertation, we present a security management framework for the configuration
and control of the security enforcement mechanisms of an enterprise information system.
The approach leverages the dynamic adaptation of security measures based on the assessment
of system vulnerability and threat prediction, and provides several levels of attack
containment. Furthermore, we study the impact of security enforcement levels on the
performance and usability of an enterprise information system. In particular, we analyze
the impact of an IDPS con figuration on the resulting security of the network, and on the
network performance. We also analyze the performance of the IDPS for different con figurations
and under different traffic characteristics. The analysis can then be used to predict
the impact of a given security con figuration on the prediction of the impact on network
performance
