Toward cost-sensitive modeling for intrusion detection and response
Journal of Computer Security
Practical automated detection of stealthy portscans
Journal of Computer Security
Evaluating the Impact of Automated Intrusion Response Mechanisms
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Adaptive agent-based intrusion response
Adaptive agent-based intrusion response
Intrusion detection alert verification based on multi-level fuzzy comprehensive evaluation
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part I
Definition of response metrics for an ontology-based Automated Intrusion Response Systems
Computers and Electrical Engineering
Hi-index | 12.05 |
An intrusion response decision-making model based on hierarchical task network (HTN) planning is presented in the paper. Compared with other response decision-making models, the response decision-making model consists of not only the response measure decision-making process but also response time decision-making process that is firstly proposed in the paper. The response time decision-making model is able to determine response time for different response HTN subtasks. Owing to the introduction of the response time decision-making, the intrusion response system can apply different response strategies to achieve different response goals set by administrators. The proposed response measure decision-making model can optimize a response plan by balancing the response effectiveness and the response negative impact in both a single response measure and a set of response measures. The response decision-making model is self-adaptive and has the ability of tolerating to false positive IDS alerts. The proposed model has been used in the intrusion detection alert management and intrusion response system (IDAM&IRS) developed by us. The functions and architecture of IDAM&IRS are introduced in this paper. In addition, the intrusion response experiments of IDAM&IRS are presented, and the features of the response decision-making model are summarized.