Literature Database Entry


Jochen Kaiser, Alexander Vitzthum, Peter Holleczek and Falko Dressler, "Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software," Proceedings of GI SIDAR International Conference on IT-Incident Management and IT-Forensics (IMF 2006), vol. LNI P-97, Stuttgart, Germany, October 2006, pp. 92–103.


Today, many end systems are infected with malicious software (malware). Often, infections will last for a long time due to missing (automated) detection or insufficient user knowledge. Even large organizations usually do not have the necessary security staff to handle all affected computers. Obviously, automated infections with malicious software cannot be handled by manual repair; new approaches are needed. One way to encounter automatic mass infections is to semi-automate the incident management. Less important security incidents should be handled by the user himself while serious incidents should be forwarded to qualified personal. To enable the end user resolving his own security incidents, both organizational and technical information have to be provided in a comprehensible way. This paper describes PRISM (Portal for Reporting Incidents and Solution Management), which consists of several components addressing the goal: a unit receiving security incidents in the IDMEF format, a component containing the logic for handling security incidents and corresponding remedies, and a component generating dynamic web pages presenting adequate solutions for recorded security incidents. PRISM was verified using case studies for universities, companies and end-user/provider scenarios.

Quick access

Authors' Version PDF (PDF on this web site)
BibTeX BibTeX


Jochen Kaiser
Alexander Vitzthum
Peter Holleczek
Falko Dressler

BibTeX reference

    author = {Kaiser, Jochen and Vitzthum, Alexander and Holleczek, Peter and Dressler, Falko},
    title = {{Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software}},
    pages = {92--103},
    publisher = {Springer},
    volume = {LNI P-97},
    address = {Stuttgart, Germany},
    booktitle = {GI SIDAR International Conference on IT-Incident Management and IT-Forensics (IMF 2006)},
    month = {10},
    year = {2006},

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at

This page was automatically generated using BibDB and bib2web.

Last modified: 2024-06-15