Project Description

ADAX (Attacks Detection And Countermeasures Simulation) aims to study the feasibility of solutions that detect complex attacks against an information system operating in its complex environment, and that react smartly and quickly to those attacks with adapted countermeasures.

Operators need to remediate intrusions or vulnerabilities detected in an information system by selecting countermeasures. Unfortunately, it is currently impossible to assess the impact of a reaction (no quantitative assessment of the situation, need for faithful models, conflicts to resolve between the numerous components of large systems in complex environments, …). ADAX will define solutions that propose reactions and provide the means to assess the impact of countermeasures, before their enforcement, on the security of the information system and on the services running on top of it.

ADAX addresses four markets: the SIEM market (on the detection/supervision side), the IPS and the DDoS markets (both on the reaction side) and the trusted computing market (on the prevention side). There is clearly a gap between the detection/supervision products and the reaction products available today. In addition, the existing reaction products focus on a very limited set of countermeasures, and these countermeasures are deployed without decision support (e.g. impact analysis). At the same time, customers are clearly expressing the need to extend the detection part provided by SIEM solutions with reaction capabilities and with support mechanisms that help security operators make informed decisions in a dynamic situation. This opens up market opportunities for the different partners of the project.

To help operators assess the seriousness of a set of currently active threats and the impact of reactions on the monitored ICT system, ADAX aims to provide answers to the following hard questions: large-scale modelling of information systems and networks, efficient alert correlation, quantitative evaluation of simulation results for decision support, study of the combination of multiple attacks and countermeasures, development of novel visual analytics technologies for the identification and prediction of very complex patterns of abnormal situations in the network, effective deployment of the selected countermeasures, and trust and security in future Internets.

The core innovation of the ADAX project transferred to industry is a decision-support system for security operations and policy management. It is integrated within a security information management platform, interacts with alert correlation systems, and acts as a mediator between the SIM environment and the monitored ICT system. It helps the operator to assess the seriousness of security issues, validate the remediation actions and reactions, deploy them over the monitored infrastructure, and monitor their efficiency. This prototype will include the ability to mitigate threats at the network layer and at the service layer.




