Survey of intrusion response decision-making techniques of automated intrusion response systems

Jisuanji Yanjiu yu Fazhan/Computer Research and Development

Volumn 45, Issue 8, 2008, Pages 1290-1298

  Mu, Chengpo ^a   Huang, Houkuan ^b   Tian, Shengfeng ^b   Li, Xiangjun ^b,c  

^a BEIJING INSTITUTE OF TECHNOLOGY   (China)

^b BEIJING JIAOTONG UNIVERSITY   (China)

^c NANCHANG UNIVERSITY   (China)

Author keywords

Alert processing; Automated intrusion response system; Intrusion detection; Intrusion response decision making; Network security

Indexed keywords

EID: 54749113385     PISSN: 10001239     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (24)

1. Ashish Gehani. Support for automated passive host-based intrusion response[D]. Durham, NC, USA: Department of Computer Science, Duke University, 2003
2. Curtis A Carver. Adaptive-based intrusion response[D]. College Station: Texas A&M University, 2001
3. Dan Schnackenberg, Harley Holliday, Randall Smith, et al. Cooperative intrusion traceback and response architecture[C]//Proc of DARPA Information Survivability Conference and Exposition. Piscataway, NJ: IEEE Computer Society, 2001
4. Bingrui Foo, Yu-Sung Wu, Yu-Chun Mao, et al. ADEPTS: Adaptive intrusion response using attack graphs in an E-commerce environment[C]//Proc of the DSN-DCC Symposium 2005. Piscataway, NJ: IEEE Computer Society, 2005
5. Curistis A Carver, John M D Hill, Udo W Pooch. Limiting uncertainty in intrusion response[C]//Proc of the 2nd IEEE Information Assurance and Security Workshop. Piscataway, NJ: IEEE Computer Society, 2001
6. Porras P A, Neumann P G. EMERALD: Event monitoring enabling responses to anomalous live disturbances[C]//Proc of the 20th National Information Systems Security Conference. Gaithersburg, USA: Information Technology Laboratory, 1997
7. White G B, Fisch E A, Pooch U W. Cooperating security managers: A peer-based intrusion detection system[J]. IEEE Network, 1996, 10(1): 20-23
8. Wenke Lee. Toward cost-sensitive modeling for intrusion detection and response[J]. Journal of Computer Security, 2002, 10(2): 5-22
9. Thomas Toth, Christopher Kruegel. Evaluating the impact of automated intrusion response mechanisms[C]//Proc of the 18th Annual Computer Security Application Conference. Washington, DC: IEEE Computer Society, 2002
10. Yu-Sung Wu, Bingrui Foo, Blake Matheny, et al. ADEPTS: Adaptive intrusion containment and response using attack graphs in an E-commerce environment, 2003-33[R]. West Lafayette, Indiana, USA: Purdue University, 2003
11. Ashish Gehani, Gershon Kedem. RheoStat: Real-time risk management[C]//Proc of the 7th Int'l Symp on Recent Advances in Intrusion Detection. Berlin: Springer, 2004
12. Uppuluri P, Sekar R. Experiences with specification-based intrusion detection[C]//Proc of the 4th Int'l Symp on Recent Advances in Intrusion Detection. Berlin: Springer, 2001
13. Somayaji A, Forrest S. Automated response using system-call delay[C]//Proc of the 9th USENIX Security Symposium. Berkeley, CA, USA: The Advanced Computing Systems Association, 2000
14. Ragsdale D J, Carver C A, et al. Adaptation techniques for intrusion detection and intrusion response systems[C]//Proc of IEEE Int'l Conf on System, Man and Cybernetics Information Assurance Workshop. New York: IEEE, 2000
15. Balepin I, Maltsev S, Rowe J, et al. Using specification-based intrusion detection for automated response[C]//Proc of the 6th Int'l Symp on Recent Advances in Intrusion Detection. Berlin: Springer, 2003
16. Rohit Parti. Design of an intrusion response system using evolutionary computation, CS401[R]. Miner Circle Rolla, Missouri, USA: Computer Science Department, University of Missouri-Rolla, 2003
17. Sapon Tanachaiwiwat, Kai Hwang, Yue Chen. Adaptive intrusion response to minimize risk over multiple network attacks[OL]. [2002-08-27]. http://ceng.use.edu/-kaihwang/papers/ACM827.pdf
18. Joshua Maines, Dorene Kewley, Laura Tinnel, et al. Validation of sensor alert correlators[J]. IEEE Security Si-Privacy Magazine, 2003, 1(1): 46-56
19. Fredrik Valeur, Giovanni Vigna, Christopher Kruegel, et al. A comprehensive approach to intrusion detection alert correlation[J]. IEEE Trans on Dependable and Secure Computing, 2004, 1(3): 146-169
20. Mu Chengpo, Huang Houkuan, Tian Shengfeng. A survey of intrusion-detection alert aggregation and correlation techniques[J]. Journal of Computer Research and Development, 2006, 43(1): 1-8 (in Chinese)
21. Natalia Stakhanova, Samik Basu, Johnny Wong. A taxonomy of intrusion response systems, 06-05[R]. Ames, Iowa, USA: Department of Computer Science, Iowa State University, 2006
22. Mu C P, Huang H K, Tian S F. Intrusion detection alert verification based on multi-level fuzzy comprehensive evaluation[G]//Proc of 2005 Int'l Conf on Computational Intelligence and Security, LNAI 3801. Berlin: Springer, 2005. 9-16
23. Mu Chengpo. Research on automated intrusion response system[D]. Beijing: Beijing Jiaotong University, 2006 (in Chinese)
24. Zhang Jian, Pang Jian. Rollbackable automated intrusion response system[J]. Acta Electronica Sinica, 2004, 32(5): 769-773 (in Chinese)