The main purpose of an Automated Intrusion Response System (AIRS) is to choose and execute the optimum response when the different network security-event detection sources detect security intrusions. The most suitable response should be inferred according to a set of response metrics, which specify different rules for selecting a specific response based on some context and input parameters and the weight associated with each of them. Furthermore, the Semantic Web Rule Language (SWRL) can be used to specify these response metrics, providing an open and extensible framework for describing the behavior of an AIRS that can be integrated with the increasing number of Semantic Web tools. The aim of this paper is to study and characterize these metrics, to define a set of response metrics for an AIRS, to specify these metrics as SWRL rules, and to test their execution with current Semantic Web technologies. Finally, some results are shown concerning the inferred responses and the performance of this SWRL-based reasoning.