The increasing volume and speed of network attacks point to the need for automated solutions that can assist in responding to detected intrusions. However, a significant question concerns the reliability that an automated response system could achieve. This paper contends that suitable automated decisions can be made if the Responder is able to establish the context of an attack, rather than merely the occurrence of a suspected incident. The relevant decision criteria include the number of affected systems, the urgency of the response, and the confidence of the detection system. The paper considers the information that an automated response system would need to acquire from a variety of sources in order to inform response decisions. The discussion is presented in the context of the Flexible Automated Intelligent Responder architecture (developed as part of the authors' wider research), and suggests that while the requirements are non-trivial, suitable information can be obtained and utilised to support automated response decisions.
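The following is an added illustration, not code from the paper or the Flexible Automated Intelligent Responder itself, of the distinction the abstract draws between responding to the occurrence of an alert and responding to its context. It correlates constructed IDS alert lines by signature and source, derives the three criteria named above (number of affected hosts, urgency, detector confidence), and maps them onto a response ladder. The alert format, the severity-to-urgency table, the thresholds and the response names are all hypothetical choices made for this example.

```python
"""
Context-driven automated response decision (illustrative only; not the paper's
own algorithm). Assumptions, all hypothetical: each alert carries a signature,
source, destination, severity label and a detector confidence in [0, 1]; the
thresholds and response names below are made up for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable

# Constructed sample alert lines; not output from any real IDS.
SAMPLE_ALERTS = [
    "2010-03-01T10:00:01 sig=ssh-bruteforce src=203.0.113.7 dst=10.0.0.5 sev=medium conf=0.55",
    "2010-03-01T10:00:04 sig=ssh-bruteforce src=203.0.113.7 dst=10.0.0.6 sev=medium conf=0.60",
    "2010-03-01T10:00:09 sig=ssh-bruteforce src=203.0.113.7 dst=10.0.0.7 sev=medium conf=0.58",
    "2010-03-01T10:00:12 sig=ssh-bruteforce src=203.0.113.7 dst=10.0.0.8 sev=medium conf=0.62",
    "2010-03-01T10:00:15 sig=ssh-bruteforce src=203.0.113.7 dst=10.0.0.9 sev=medium conf=0.57",
    "2010-03-01T10:01:00 sig=sqli-attempt src=198.51.100.9 dst=10.0.0.20 sev=high conf=0.30",
    "2010-03-01T10:02:00 sig=worm-propagation src=10.0.0.30 dst=10.0.0.31 sev=critical conf=0.90",
    "2010-03-01T10:02:01 sig=worm-propagation src=10.0.0.30 dst=10.0.0.32 sev=critical conf=0.92",
]

# Hypothetical mapping from the detector's severity label to an urgency score.
SEVERITY_URGENCY = {"low": 0.25, "medium": 0.5, "high": 0.75, "critical": 1.0}


@dataclass
class Alert:
    sig: str
    src: str
    dst: str
    severity: str
    confidence: float


def parse_alert(line: str) -> Alert:
    """Parse one 'key=value' alert line (timestamp is the first token and is skipped)."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return Alert(fields["sig"], fields["src"], fields["dst"],
                 fields["sev"], float(fields["conf"]))


@dataclass
class Context:
    source: str
    affected_hosts: int   # distinct destination hosts seen for this (signature, source)
    urgency: float        # highest urgency among the correlated alerts
    confidence: float     # mean detector confidence across the correlated alerts


def build_context(alerts: Iterable[Alert]) -> dict[tuple[str, str], Context]:
    """Correlate alerts by (signature, source) and derive the three decision criteria."""
    groups: dict[tuple[str, str], list[Alert]] = defaultdict(list)
    for a in alerts:
        groups[(a.sig, a.src)].append(a)
    ctx = {}
    for key, group in groups.items():
        ctx[key] = Context(
            source=key[1],
            affected_hosts=len({a.dst for a in group}),
            urgency=max(SEVERITY_URGENCY[a.severity] for a in group),
            confidence=sum(a.confidence for a in group) / len(group),
        )
    return ctx


def decide(c: Context) -> str:
    """Map a context onto a response ladder. Thresholds are illustrative."""
    # Low detector confidence never earns an automatic active response, however
    # alarming the signature: a false positive that blocks traffic is itself an outage.
    if c.confidence < 0.5:
        return "escalate-to-analyst"
    # Top urgency backed by high confidence: act on the internal source itself.
    if c.urgency >= 1.0 and c.confidence >= 0.8:
        return "isolate-source"
    # Moderate urgency spreading across several hosts: block at the perimeter.
    if c.affected_hosts >= 3 and c.urgency >= 0.5:
        return "block-source"
    return "monitor"


def respond(lines: Iterable[str]) -> dict[tuple[str, str], str]:
    """Full pipeline: raw alert lines -> context -> response per (signature, source)."""
    ctx = build_context(parse_alert(line) for line in lines)
    return {key: decide(c) for key, c in ctx.items()}


if __name__ == "__main__":
    for (sig, src), action in respond(SAMPLE_ALERTS).items():
        print(f"{sig:<18} from {src:<14} -> {action}")
```

Run on the constructed alerts, the brute-force source is blocked because it has touched five hosts, the high-severity SQL injection alert is handed to an analyst because the detector's confidence is too low to justify an automatic action, and the worm source is isolated because both urgency and confidence are high. Judged on occurrence alone, all three would look like "an alert fired" and the Responder would have no basis for choosing between them.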