Toward cost-sensitive modeling for intrusion detection and response
Journal of Computer Security
Evaluating the Impact of Automated Intrusion Response Mechanisms
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Measuring the Risk-Based Value of IT Security Solutions
IT Professional
Incentive-based modeling and inference of attacker intent, objectives, and strategies
ACM Transactions on Information and System Security (TISSEC)
ADEPTS: Adaptive Intrusion Response Using Attack Graphs in an E-Commerce Environment
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Measuring intrusion detection capability: an information-theoretic approach
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
A Framework for the Evaluation of Intrusion Detection Systems
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Automated adaptive intrusion containment in systems of interacting services
Computer Networks: The International Journal of Computer and Telecommunications Networking
A Cost-Sensitive Model for Preemptive Intrusion Response Systems
AINA '07 Proceedings of the 21st International Conference on Advanced Networking and Applications
Automated response using system-call delays
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Graph based Metrics for Intrusion Response Measures in Computer Networks
LCN '07 Proceedings of the 32nd IEEE Conference on Local Computer Networks
A taxonomy of intrusion response systems
International Journal of Information and Computer Security
The Search for Efficiency in Automated Intrusion Response for Distributed Applications
SRDS '08 Proceedings of the 2008 Symposium on Reliable Distributed Systems
A logic-based model to support alert correlation in intrusion detection
Information Fusion
Classification and Discovery of Rule Misconfigurations in Intrusion Detection and Response Devices
CONGRESS '09 Proceedings of the 2009 World Congress on Privacy, Security, Trust and the Management of e-Business
An ontology-based approach to react to network attacks
International Journal of Information and Computer Security
Cost-sensitive intrusion responses for mobile ad hoc networks
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
| Hi-index | 0.00 |
In recent years, cost-sensitive intrusion response has gained significant interest mainly due to its emphasis on the balance between potential damage incurred by the intrusion and cost of the response. However, one of the challenges in applying this approach is defining consistent and adaptable measurements of these cost factors on the basis of requirements and policy of the system being protected against intrusions.In this paper we present a framework for the cost-sensitive selection of intrusion response. Specifically, we introduce a set of measurements that characterize potential costs associated with the intrusion handling process and propose evaluation method of intrusion response with respect to the risk of potential intrusion damage, effectiveness of response action and response cost for a system. We provide an implementation of the proposed solution as a plugin tool for Snort IDS and demonstrate its advantages on DARPA data set and real network traffic.