A response selection model for intrusion response systems: Response Strategy Model (RSM)

Security and Communication Networks

Volumn 7, Issue 11, 2014, Pages 1831-1848

  Anuar, Nor Badrul ^a   Papadaki, Maria ^b   Furnell, Steven ^b,c   Clarke, Nathan ^b,c  

^a UNIVERSITY OF MALAYA   (Malaysia)

^b UNIVERSITY OF PLYMOUTH   (United Kingdom)

^c EDITH COWAN UNIVERSITY   (Australia)

Author keywords

Intrusion response systems; Response strategy model; Risk response planning

Indexed keywords

INFORMATION SYSTEMS;

AUTOMATIC RESPONSE; CRITICAL INCIDENTS; INCIDENT CLASSIFICATIONS; INTRUSION RESPONSE SYSTEM; LOW PRIORITIES; RESPONSE SELECTION; RESPONSE STRATEGIES; RISK RESPONSE PLANNING;

COMPUTER NETWORKS;

EID: 84910663668     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.896     Document Type: Article

References (38)

1. NIST. National Vulnerability Database version 2.0, 2012. Available at: http://nvd.nist.gov/ (Accessed: 1 August 2012).
2. Symantec. Symantec Internet security threat report-trends for 2010, 2011. Available at: http://www.symantec.com/business/threatreport/index.jsp (Accessed: 16 July 2011).
3. Anuar NB, Sallehudin H, Gani A, Zakaria O. Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree. Malaysian Journal of Computer Science 2008; 21(2):101-115.
4. Nicolett M, Kavanagh K. Magic quadrant for security information and event management, Gartner RAS Core Research Note G00167782, 2009.
5. Sherif JS, Dearmond TG. Intrusion detection: systems and models, Proceedings of the 11th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2002), Pittsburgh, PA, USA, 2002; 115-133.
6. Sherif JS, Ayers R, Dearmond TG. Intrusion detection: the art and the practice. Part I. Information Management & Computer Security 2003; 11:175-186.
7. Shamshirband S, Anuar NB, Kiah MLM, Patel A. An appraisal and design of a multi-agent system based cooperative wireless intrusion detection computational intelligence technique. Engineering Applications of Artificial Intelligence 2013; 26(9):2105-2127.
8. Anuar NB, Papadaki M, Furnell S, Clarke N. An investigation and survey of response options for intrusion response systems (IRSs). In Proceedings of the Information Security for South Africa (ISSA). Johannesburg: South Africa, 2010; 1-8.
9. Mu C, Li Y. An intrusion response decision-making model based on hierarchical task network planning. Expert Systems with Applications 2010; 37(3):2465-2472.
10. Caswell B, Roesch M. Snort: The open source network intrusion detection system, 1998. Available at: http://www.snort.org (Accessed: 20 August 2010).
11. Carver CA. Adaptive agent-based intrusion response. PhD Dessertation. Texas A&M University, 2001.
12. Porras PA, Neumann PG. EMERALD: event monitoring enabling responses to anomalous live disturbances, Proceedings of the 20th NIST-NCSC National Information Systems Security Conference, Baltimore, MD, 1997; 353-365.
13. Lee W, Fan W, Miller M, Stolfo SJ, Zadok E. Toward cost-sensitive modeling for intrusion detection and response. Journal of Computer Security 2002; 10(1-2):5-22.
14. Wang SH, Tseng CH, Levitt K, Bishop M. Cost-sensitive intrusion responses for mobile ad hoc networks, Proceedings of the Recent Advances in Intrusion Detection, Vol. 4637, Gold Goast, Australia, 2007; 127-145.
15. Stakhanova N, Basu S, Wong J. A cost-sensitive model for preemptive intrusion response systems, Proceedings of the 21st International Conference on Advanced Information Networking and Applications (AINA '07), Niagara Falls, Canada, 2007; 428-435.
16. Papadaki M, Furnell SM. Informing the decision process in an automated intrusion response system, Information Security Technical Report 2005, Vol. 10 No. 3, pp. 150-161,
17. Foo B, Wu YS, Mao YC, Bagchi S, Spafford E. ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment, Proceedings of the International Conference on Dependable Systems and Networks (DSN 2005), Yokohama, Japan, 2005; 508-517.
18. Cohen F. Simulating cyber attacks, defences, and consequences. Computers & Security 1999; 18(6):479-518.
19. Papadaki M. Classifying and responding to network intrusions. PhD. University of Plymouth, 2004.
20. Anuar NB, Papadaki M, Furnell S, Clarke N. Incident prioritisation using analytic hierarchy process (AHP): Risk Index Model (RIM). Security Communication Networks 2013; 6(9): 1087-1116.
21. Covey SR. 7 habits of highly effective people, 15th Anniversary edition, Simon & Schuster Ltd., 2004.
22. Yoo S. Machine learning methods for personalized email prioritization. PhD. Carnegie Mellon University, 2010.
23. Haimes YY. Risk analysis, systems analysis, and covey's seven habits perspectives. Risk Analysis 2001; 21(2):217-224.
24. Gonzalez VM, Galicia L, Favela J. Understanding and supporting personal activity management by IT service workers, Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology, San Diego, California, 2008; 1-10.
25. Hillson D. Developing effective risk responses, Proceedings of the 30th Annual Project Management Institute 1999 Seminars & Symposium, Philadelphia, Pennsylvania, USA, 1999.
26. Hillson D. Extending the risk process to manage opportunities. International Journal of Project Management 2002; 20(3):235-240.
27. Baker S, Ponniah D, Smith S. Risk response techniques employed currently for major projects. Construction Management and Economics 1999; 17:205-213.
28. Ben-David I, Raz T. An integrated approach for risk response development in project planning. Journal of the Operational Research Society 2001; 52:14-25.
29. Mell P, Scarfone K, Romanosky S. Common vulnerability scoring system. IEEE Security & Privacy 2006; 4(6):85-89.
30. DARPA. DARPA intrusion detection data sets, 2011. Available at: http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/index.html (Accessed: 1 July 2011).
31. Alserhani F, Akhlaq M, Awan IU, Cullen AJ, Mirchandani P. MARS: multi-stage attack recognition system, Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), Perth, Australia, 2010; 753-759.
32. Tjhai GC, Furnell SM, Papadaki M, Clarke NL. A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm. Computers & Security 2010; 29(6):712-723.
33. Tjhai GC, Papadaki M, Furnell SM, Clarke NL. Investigating the problem of IDS false alarms: an experimental study using Snort, Proceedings of the IFIP TC 11 23rd International Information Security Conference, Vol. 278, Milano, Italy, 2008; 253-267.
34. Tjhai GC. Anomaly-based correlation of IDS alarms. PhD. University of Plymouth, 2011.
35. GCIA. GIAC Certified Intrusion Analyst (GCIA), 2011. Available at: http://www.giac.org/certifications/security/gcia.php (Accessed: 1 March 2011).
36. Caswell B, Beale J. Snort 2.1 Intrusion Detection (2nd edn). Syngress: Rockland, MA, 2004.
37. Ning P, Cui Y, Reeves DS, Xu D. Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information System Security 2004; 7(2):274-318.
38. Alsubhi K, Aib I, Boutaba R. FuzMet: a fuzzy-logic based alert prioritization engine for intrusion detection systems. International Journal of Network Management 2012; 22(4): 263-284.