Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems
Automated adaptive intrusion containment in systems of interacting services
Computer Networks: The International Journal of Computer and Telecommunications Networking
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
A taxonomy of intrusion response systems
International Journal of Information and Computer Security
Network Security: Know It All: Know It All
Network Security: Know It All: Know It All
Intrusion Prevention in Information Systems: Reactive and Proactive Responses
Journal of Management Information Systems
Journal of Computer Security - Best papers of the Sec Track at the 2006 ACM Symposium
A Service Dependency Modeling Framework for Policy-Based Response Enforcement
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
An intrusion response decision-making model based on hierarchical task network planning
Expert Systems with Applications: An International Journal
Informing the decision process in an automated intrusion response system
Information Security Tech. Report
Cost-sensitive intrusion responses for mobile ad hoc networks
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
A cost-based analysis of intrusion detection system configuration under active or passive response
Decision Support Systems
Service dependencies in information systems security
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
A service dependency model for cost-sensitive intrusion response
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Privilege states based access control for fine-grained intrusion response
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Using contextual security policies for threat response
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Immune-Based dynamic intrusion response model
SEAL'06 Proceedings of the 6th international conference on Simulated Evolution And Learning
Definition of response metrics for an ontology-based Automated Intrusion Response Systems
Computers and Electrical Engineering
Towards cost-sensitive assessment of intrusion response selection
Journal of Computer Security
| Hi-index | 0.00 |
Intrusion detection systems (IDSs) have reached a highlevel of sophistication and are able to detect intrusions witha variety of methods. Unfortunately, system administratorsneither can keep up with the pace that an IDS is deliveringalerts, nor can they react upon these within adequatetime limits. Automatic response systems have to take overthat task. In case of an identified intrusion, these componentshave to initiate appropriate actions to counter emerg-ingthreats. Most current intrusion response systems (IRSs)utilize static mappings to determine adequate response actionsin reaction to detected intrusions. The problem withthis approach is its inherent inflexibility. Countermeasures(such as changes of firewall rules) often do not only defendagainst the detected attack but may also have negative effectson legitimate users of the network and its services. Toprevent a situation where a response action causes moredamage that the actual attack, a mechanism is needed thatcompares the severity of an attack to the effects of a possibleresponse mechanism. In this paper, we present a networkmodel and an algorithm to evaluate the impact of responseactions on the entities of a network. This allows the IRS toselect the response among several alternatives which fulfillsthe security requirements and has a minimal negative effecton legitimate users.