Toward cost-sensitive modeling for intrusion detection and response
Journal of Computer Security
The Design and Testing of Automated Signature Generation Engine for Worms Detection
KES-AMSTA '07 Proceedings of the 1st KES International Symposium on Agent and Multi-Agent Systems: Technologies and Applications
| Hi-index | 0.00 |
The rollbackable automated intrusion response mechanism, a method whereby an intrusion response can be treated by in the context of the detection/response life-cycle. The idea derives from the observation that most intrusion responses have negative effects. To decrease the cumulative response cost, response rollback could be carried out at some suitable time, for example when the attack has terminated or the attack 'detection' is proved to be a false positive. Additionally, technologies supporting automated response are proposed, such as the structure of a response policy and the way the automated response might be implemented. A proposed implementation structure of rollbackable automated intrusion response system (RAIRS) is also given. With the quantified response cost, the result of our experiments shows that response rollback is promising as a way to decrease the expected cumulative intrusion response cost.