Intrusion response systems: Foundations, design, and challenges

Journal of Network and Computer Applications

Volumn 62, Issue , 2016, Pages 53-74

  Inayat, Zakira ^a,b   Gani, Abdullah ^a   Anuar, Nor Badrul ^a   Khan, Muhammad Khuram ^c   Anwar, Shahid ^d  

^a UNIVERSITY OF MALAYA   (Malaysia)

^b UNIVERSITY OF ENGINEERING AND TECHNOLOGY   (Pakistan)

^c KING SAUD UNIVERSITY   (Saudi Arabia)

^d UNIVERSITY MALAYSIA PAHANG   (Malaysia)

Author keywords

Intrusion detection; Intrusion response; Response design parameter; Semantic coherence

Indexed keywords

COMPUTER CRIME; DESIGN; MERCURY (METAL); SEMANTICS;

DESIGN PARAMETERS; INTRUSION DETECTION SYSTEMS; INTRUSION RESPONSE; INTRUSION RESPONSE SYSTEM; RESEARCH CHALLENGES; RESPONSE DESIGNS; RESPONSE PARAMETERS; RESPONSE SELECTION;

INTRUSION DETECTION;

EID: 84954503459     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2015.12.006     Document Type: Review

References (112)

1. A.O. Adetunmbi, S.O. Falaki, O.S. Adewale, and B.K. Alese Network intrusion detection based on rough set and k-nearest neighbour Int J Comput ICT Res 2 2008 60 66
2. T. Anantvalee, and J. Wu A survey on intrusion detection in mobile ad hoc networks Wireless Network Security 2007 Springer 159 180
3. N.B. Anuar, M. Papadaki, S. Furnell, and N. Clarke An investigation and survey of response options for Intrusion Response Systems (IRSs) Inf Secur South Afr 2010 1 8
4. N.B. Anuar, H. Sallehudin, A. Gani, and O. Zakari Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree Malays J Comput Sci 21 2008 101 115
5. Anwar SJZ. Response option for attacks detected by intrusion detection system. In: Proceedings of the 4th international conference on software engineering and computer system, vol. 4; 2015. p. 7.
6. Anwar S, Zain JBM, Zulkipli MFB, Inayat Z. A review paper on botnet and botnet detection techniques in cloud computing. In: ISCI 2014 - IEEE symposium on computers & informatics; 2014. p. 5.
7. A. Årnes, K. Sallhammar, K. Haslum, T. Brekne, M.E.G. Moe, and S.J. Knapskog Real-time risk assessment with network sensors and intrusion detection systems Computational intelligence and security 2005 Springer 388 397
8. Q.M. Ashraf, and M.H. Habaebi Autonomic schemes for threat mitigation in Internet of Things J Netw Comput Appl 49 2015 112 127
9. A. Asosheh, and N. Ramezani A comprehensive taxonomy of DDOS attacks and defense mechanism applying in a smart classification WSEAS Trans Comput 7 2008 281 290
10. Azab M, Eltoweissy M. Defense as a service cloud for cyber-physical systems. In: 2011 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). IEEE; 2011. p. 392-401.
11. Bace RG. Intrusion detection, (http://dl.acm.org/citation.cfm?id=347487), Book; 2002. ISBN:1-57870-185-6.
12. I. Balepin, S. Maltsev, J. Rowe, and K. Levitt Using specification-based intrusion detection for automated response Recent advances in intrusion detection 2003 Springer 136 154
13. Bonifaco J, Moreira E. An adaptive intrusion detection system using neural networks. In: Proceedings of the IFIP SEC; 1997.
14. I. Butun, S.D. Morgera, and R. Sankar A survey of intrusion detection systems in wireless sensor networks Commun Surv Tutorials IEEE 16 2014 266 282
15. Cansian AM, Moreira E, Carvalho A, Bonifacio J. Network intrusion detection using neural networks. In: Proceedings of the international conference on computational intelligence and multimedia applications; 1997. p. 276-80.
16. Carver ACJ. Adaptive Agent-based intrusion response [Ph.D. thesis]. USA: Texas A&M University; May 2001.
17. Carver CA, Hill JM, Pooch UW. Limiting uncertainty in intrusion response. In: Proceedings of the 2001 IEEE workshop on information assurance and security; 2001. p. 5-6.
18. Cert. CERT statistics, http://www.cert.org/stats; 2014 [Accessed on October 2014].
19. Chen Y-M, Yang Y. Policy management for network-based intrusion detection and prevention. NOMS 2004 IEEE/IFIP: IEEE network operations and management symposium; 2004. p. 219-32.
20. K.-K.R. Choo The cyber threat landscape: challenges and future research directions Comput Secur 30 2011 719 731
21. Cisco. (http://www.cisco.com/cisco/web/solutions/small-business/resource-center/articles/secure-my-business/what-is
22. da Silva APR, Martins MH, Rocha BP, Loureiro AA, Ruiz LB, Wong HC. Decentralized intrusion detection in wireless sensor networks. In: Proceedings of the 1st ACM Int workshop Qual Serv Secur Wirel Mob Netw: ACM 2005 16 23.
23. Dantu R, Loper K, Kolan P. Risk management using behavior based attack graphs. In: 2004 Proceedings ITCC 2004 international conference on information technology: coding and computing. IEEE; 2004. p. 445-9.
24. Deris Stiawan MYI, Abdul Hanan Abdullah, (http://eprints.unsri.ac.id/73/1/2011-7-12-4212-4224.pdf); 2011 [Accessed on August 2014].
25. Eng PE, Haug M. Automatic response to intrusion detection [Thesis]; 2004. p. 1-55.
26. J.M. Estevez-Tapiador, P. Garcia-Teodoro, and J.E. Diaz-Verdejo Anomaly detection methods in wired networks: a survey and taxonomy Comput Commun 27 2004 1569 1584
27. L. Feng, W. Wang, L. Zhu, and Y. Zhang Predicting intrusion goal using dynamic Bayesian network with transfer probability estimation J Netw Comput Appl 32 2009 721 732
28. Foo B, Wu Y-S, Mao Y-C, Bagchi S, Spafford E. ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment. In: Proceedings international conference on dependable systems and networks, 2005 DSN. IEEE; 2005. p. 508-17.
29. Frank Y, Jou FG, Chandru Sargor, Shyhtsun Felix Wu, Cleaveland W Rance. Architecture design of a scalable intrusion detection system for the emerging network infrastructure. Technical Report CDRL A005. Releigh (NC, USA): Department of Computer Science, North Carolina State University Releigh; 1997.
30. Ghorbani AA, Lu W, Tavallaee M. Network Intrusion Detection and Prevention:Concepts and Techniques; 2009 [Accessed on: books.google.com.my/books?isbn=0387887717].
31. J.K.M. Han Data mining: concepts and techniques 2006 Morgan Kaufmann Book, Southeast Asia Edition
32. S. Hansman, and R. Hunt A taxonomy of network and computer attacks Comput Secur 24 2005 31 43
33. Haslum K, Abraham A, Knapskog S. Dips: a framework for distributed intrusion prediction and prevention using hidden markov models and online fuzzy risk assessment. In: Proceedings of the IAS 2007 third international symposium information assurance and security. IEEE; 2007. p. 183-90.
34. Á. Herrero, E. Corchado, M.A. Pellicer, and A. Abraham MOVIH-IDS: a mobile-visualization hybrid intrusion detection system Neurocomputing 72 2009 2775 2784
35. C.-Y. Ho, Y.-C. Lai, I.-W. Chen, F.-Y. Wang, and W.-H. Tai Statistical analysis of false positives and false negatives from real traffic with intrusion detection/prevention systems IEEE Commun Mag 50 2012 146 154
36. N. Hoque, M.H. Bhuyan, R.C. Baishya, D. Bhattacharyya, and J.K. Kalita Network attacks: taxonomy, tools and systems J Netw Comput Appl 40 2014 307 324
37. M.-Y. Huang, R.J. Jasper, and T.M. Wicks A large scale distributed intrusion detection framework based on attack strategy analysis Comput Netw 31 1999 2465 2475
38. N. Hubballi, and Vinoth Suryanarayanan False alarm minimization techniques in signature-based intrusion detection systems: a survey Comput Commun 49 2014 1 17 13:128
39. Jahnke M, Thul C, Martini P. Graph based metrics for intrusion response measures in computer networks. In: 2007 32nd IEEE conference on local computer networks, 2007 LCN. IEEE; 2007. p. 1035-42.
40. Jou Y, Gong F, Sargor C, Wu X, Wu S, Chang H, et al. Design and implementation of a scalable intrusion detection system for the protection of network infrastructure. In: 2000 DISCEX×00 proceedings DARPA information survivability conference and exposition. IEEE; 2000. p. 69-83.
41. Junqi W, Zhengbing H. Study of intrusion detection systems (IDSs) in network security. In: 2008 WiCOM×08 4th international conference on wireless communications, networking and mobile computing. IEEE; 2008. p. 1-4.
42. Kanoun W, Cuppens-Boulahia N, Cuppens F, Dubus S. Risk-aware framework for activating and deactivating policy-based response. In: 2010 4th International conference on network and system security (NSS). IEEE; 2010. p. 207-15.
43. A. Karami, and M. Guerrero-Zapata An ANFIS-based cache replacement method for mitigating cache pollution attacks in Named Data Networking Comput Netw 80 2015 51 65
44. A. Karami, and M. Guerrero-Zapata A fuzzy anomaly detection system based on hybrid pso-kmeans algorithm in content-centric networks Neurocomputing 149 2015 1253 1269
45. A. Karami, and M. Guerrero-Zapata A hybrid multiobjective rbf-pso method for mitigating dos attacks in named data networking Neurocomputing 151 2015 1262 1282
46. N. Khan, I. Yaqoob, I.A.T. Hashem, Z. Inayat, W.K. Mahmoud Ali, M. Alam, and et al. Big data: survey, technologies, opportunities, and challenges Sci World J 2014 2014
47. S. Khan, M. Shiraz, A.W. Abdul Wahab, A. Gani, Q. Han, and Z. Bin Abdul Rahman A comprehensive review on adaptability of network forensics frameworks for mobile cloud computing Sci World J 2014 2014
48. Kheir N. Response policies and counter-measures: management of service dependencies and intrusion and reaction impacts [Ph.D. thesis], vol. 1; 2010. p. 177-85.
49. N. Kheir, N. Cuppens-Boulahia, F. Cuppens, and H. Debar A service dependency model for cost-sensitive intrusion response Computer Security-ESORICS 2010 2010 Springer 626 642
50. Kheir N, Debar H, Cuppens-Boulahia N, Cuppens F, Viinikka J. Cost evaluation for intrusion response using dependency graphs. In: 2009 N2S×09 international conference on network and service security. IEEE; 2009a. p. 1-6.
51. N. Kheir, H. Debar, F. Cuppens, N. Cuppens-Boulahia, and J. Viinikka A service dependency modeling framework for policy-based response enforcement Detection of intrusions and malware, and vulnerability assessment 2009 Springer 176 195
52. Kholidy H, Baiardi F. CIDS: a framework for intrusion detection in cloud systems. In: 2012 Ninth international conference on information technology: new generations (ITNG). IEEE; 2012. p. 379-85.
53. I. Krontiris, Z. Benenson, T. Giannetsos, F.C. Freiling, and T. Dimitriou Cooperative intrusion detection in wireless sensor networks Wireless sensor networks 2009 Springer 263 278
54. C. Kruegel, F. Valeur, and G. Vigna Intrusion detection and correlation challenges and solutions vol. 14 2005 Springer Science & Business Media
55. Kumar S, Spafford EH. A pattern matching model for misuse intrusion detection. In: Proceedings of the national computer security conference, Baltimore, MD; 1994. p. 11-21.
56. Laboratory L. (http://www.ll.mit.edu/ideval/data/); 2000 [Accessed on October 2014].
57. V.M. Lanchas, V.A.V. González, and F.R. Bueno Ontologies-based automated intrusion response system Computational Intelligence in Security for Information Systems 2010 2010 Springer 99 106
58. A. Lazarevic, V. Kumar, and J. Srivastava Intrusion detection: a survey Managing Cyber Threats 2005 Springer 19 78
59. W. Lee, W. Fan, M. Miller, S.J. Stolfo, and E. Zadok Toward cost-sensitive modeling for intrusion detection and response J Comput Secur 10 2002 5 22
60. W. Li, and S. Tian An ontology-based intrusion alerts correlation system Expert Syst Appl 37 2010 7138 7146
61. H.-J. Liao, C.-H.R. Lin, Y.-C. Lin, and K.-Y. Tung Intrusion detection system: a comprehensive review J Netw Comput Appl 36 2013 16 24 2013
62. Lindqvist U, Jonsson E. How to systematically classify computer security intrusions. In: 1997 Proceedings, 1997 IEEE symposium on security and privacy; 1997. p. 154-63.
63. M.E. Locasto, K. Wang, A.D. Keromytis, and S.J. Stolfo Flips: hybrid adaptive intrusion prevention Recent advances in intrusion detection 2006 Springer 82 101
64. V. Mateos, V.A. Villagrá, F. Romero, and J. Berrocal Definition of response metrics for an ontology-based Automated Intrusion Response Systems Comput Electr Eng 38 2012 1102 1114
65. R. Mitchell, and I.-R. Chen A survey of intrusion detection techniques for cyber-physical systems ACM Comput Surv (CSUR) 46 2014 55
66. R. Mitchell, and I. Chen Effect of intrusion detection and response on reliability of cyber physical systems Reliab IEEE Trans 62 2013 199 210
67. C. Mu, X. Li, H. Huang, and S. Tian Online risk assessment of intrusion scenarios using DS evidence theory Computer Security-ESORICS 2008 2008 Springer 35 48
68. C. Mu, and Y. Li An intrusion response decision-making model based on hierarchical task network planning Expert Syst Appl 37 2010 2465 2472
69. MyCert-Report. MyCERT "Malaysian Computer Emergency response Team Incident Statistics«, Available on: (http://www.mycert.org.my/en/services/statistic/mycert/2013/main/detail/914/index.html); 2014 [Accessed on October 2014].
70. Nadeem A, Howarth M. Adaptive intrusion detection & prevention of denial of service attacks in MANETs. In: Proceedings of the 2009 international conference on wireless communications and mobile computing: connecting the world wirelessly. ACM; 2009. p. 926-30.
71. A. Nadeem, and M. Howarth Protection of MANETs from a range of attacks using an intrusion detection and prevention system Telecommun Syst 52 2013 2047 2058
72. A. Nadeem, and M.P. Howarth An intrusion detection & adaptive response mechanism for MANETs Ad Hoc Netw 13 2014 368 380
73. Neuman C. Challenges in security for cyber-physical systems. DHS: S&T workshop on future directions in cyber-physical systems security: Citeseer; 2009.
74. M. O×Neill The Internet of Things: do more devices mean more risks? Comput Fraud Secur 2014 16 17
75. Olusola AA, Oladele AS, Abosede DO. Analysis of KDD'99 Intrusion detection dataset for selection of relevance features. In: Proceedings of the world congress on engineering and computer science; 2010. p. 20-2.
76. M. Papadaki, and S. Furnell Achieving automated intrusion response: a prototype implementation Inf Manag Comput Secur 14 2006 235 251
77. A. Patel, M. Taghavi, K. Bakhtiyari, and J.C. Júnior An intrusion detection and prevention system in cloud computing: a systematic review J Netw Comput Appl 36 2013 25 41
78. V. Paxson Bro: a system for detecting network intruders in real-time Comput Netw 31 1999 2435 2463
79. N. Poolsappasit, R. Dewri, and I. Ray Dynamic security risk management using Bayesian attack graphs IEEE Trans Dependable Secur Comput 9 2012 61 74
80. Porras PA, Neumann PG. EMERALD: Event monitoring enabling response to anomalous live disturbances. Proceedings of the 20th national information systems security conference; 1997. p. 353-65.
81. H. Qi, M. Shiraz, A. Gani, M. Whaiduzzaman, and S. Khan Sierpinski triangle based data center architecture in cloud computing J Supercomput 2014 1 21
82. Ragsdale DJ, Carver Jr. CA, Humphries JW, Pooch UW. Adaptation techniques for intrusion detection and intrusion response systems. In: 2000 IEEE international conference on systems, man, and cybernetics. IEEE; 2000. p. 2344-9.
83. M. Roesch Snort: lightweight intrusion detection for networks LISA 1999 229 238
84. Room SIIR. (http://www.sans.org/reading-room/whitepapers/malicious/code-red-worm-45); 2001 [Accessed on 27th May 2014].
85. Sabahi FaAM. Intrusion detection: a survey. In: ICSNC×08 3rd international conference on systems and networks communications. IEEE; 2008.
86. Sadoddin R, Ghorbani A. Alert correlation survey: framework and techniques. In: Proceedings of the 2006 international conference on privacy, security and trust: bridge the gap between PST technologies and business services. ACM; 2006. p. 37.
87. SANS Institute, and S. Dinesh Intrusion prevention systems: security×s silver bullet? Bus Commun Rev 33 2003 36 41
88. K. Scarfone, and P. Mell Guide to intrusion detection and prevention systems (IDPS) NIST Spec Publ 800 2007 94
89. K. Scarfone, and P. Mell Guide to intrusion detection and prevention systems (IDPS), Sp-800-94 Special Publication NIST 2007 National Institute of Science and Technology National Institute of Science and Technology Gaithersburg
90. Schnackengerg D, Holliday H, Smith R, Djahandari K, Sterne D. Cooperative intrusion traceback and response architecture (CITRA). In: 2001 DISCEX×01 Proceedings of the DARPA information survivability conference & exposition II: IEEE; 2001. p. 56-68.
91. A. Shameli-Sendi, M. Cheriet, and A. Hamou-Lhadj Taxonomy of intrusion risk assessment and response system Comput Secur 45 2014 1 16
92. A. Shameli-Sendi, and M. Dagenais ORCEF: online response cost evaluation framework for intrusion response system J Netw Comput Appl 2015
93. Shameli-Sendi A, Desfossez J, Dagenais M, Jabbarifar M. A retroactive-burst framework for automated intrusion response system. J Comput Netw Commun 2013;2013.
94. A. Shameli-Sendi, N. Ezzati-Jivan, M. Jabbarifar, and M. Dagenais Intrusion response systems: survey and taxonomy Int J Comput Sci Netw Secur 12 2012 1 14
95. Snapp SR, Brentano J, Dias GV, Goan TL, Heberlein LT, Ho, C-L, et al. DIDS (distributed intrusion detection system)-motivation, architecture, and an early prototype. In: Proceedings of the 14th national computer security conference. Citeseer; 1991. p. 167-76.
96. M. Sookhak, A. Akhundzada, A. Sookhak, M. Eslaminejad, A. Gani, M.K. Khan, and et al. Geographic wormhole detection in wireless sensor networks PLoS One 2015 10
97. N. Stakhanova, S. Basu, and J. Wong A cost-sensitive model for preemptive intrusion response systems AINA 2007 428 435
98. N. Stakhanova, S. Basu, and J. Wong A taxonomy of intrusion response systems Int J Inf Comput Secur 1 2007 169 184
99. Strasburg C, Stakhanova N, Basu S, Wong JS. A framework for cost sensitive assessment of intrusion response selection. In: 2009 COMPSAC×09 33rd annual IEEE international computer software and applications conference. IEEE; 2009a. p. 355-60.
100. Strasburg C, Stakhanova N, Basu S, Wong JS. Intrusion response cost assessment methodology. In: Proceedings of the 4th international symposium on information, computer, and communications security. ACM; 2009b. p. 388-91.
101. S. Tanachaiwiwat, K. Hwang, and Y. Chen Adaptive intrusion response to minimize risk over multiple network attacks ACM Trans Inf Syst Secur 19 2002 1 30
102. Technology T-N. (http://teleco-network.blogspot.com/search?q=firewall); 2011 [Accessed on 27.05.14].
103. Toth T, Kruegel C. Evaluating the impact of automated intrusion response mechanisms. In: Proceedings of the 18th annual IEEE computer security applications conference; 2002. p. 301-10.
104. G. Vigna, and R.A. Kemmerer NetSTAT: a network-based intrusion detection system J Comput Secur 7 1999 37 71
105. Garak Vigna Intrusion detection: a brief history and overview Computer 35 4 2002 0027 0030
106. L. Wang, A. Liu, and S. Jajodia Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts Comput Commun 29 2006 2917 2933
107. S.-H. Wang, C.H. Tseng, K. Levitt, and M. Bishop Cost-sensitive intrusion responses for mobile ad hoc networks Recent advances in intrusion detection 2007 Springer 127 145
108. X. Wang, D.S. Reeves, S.F. Wu, and J. Yuill Sleepy watermark tracing: an active network-based intrusion response framework Trusted information 2001 Springer 369 384
109. G.B. White, E.A. Fisch, and U.W. Pooch Cooperating security managers: a peer-based intrusion detection system IEEE Netw 10 1996 20 23
110. Y.-S. Wu, B. Foo, Y.-C. Mao, S. Bagchi, and E.H. Spafford Automated adaptive intrusion containment in systems of interacting services Comput Netw 51 2007 1334 1360
111. Ying L, Yan Z, Yang-jia O. The design and implementation of host-based intrusion detection system. In: 2010 Third international symposium on intelligent information technology and security informatics (IITSI). IEEE; 2010. p. 595-8.
112. Z. Zhang, F. Naït-Abdesselam, P.-H. Ho, and Y. Kadobayashi Toward cost-sensitive self-optimizing anomaly detection and response in autonomic networks Comput Secur 30 2011 525 537