Intrusion Response Systems: A Survey [chapter]

Bingrui Foo, Matthew W. Glause, Gaspar M. Howard, Yu-Sung Wu, Saurabh Bagchi, Eugene H. Spafford
<span title="">2008</span> <i title="Elsevier"> Information Assurance </i> &nbsp;
Protecting networks from computer security attacks is an important concern of computer security. Within this, intrusion prevention and intrusion detection systems have been the subject of much study and have been covered in several excellent survey papers. However, the actions that need to follow the steps of prevention and detection, namely response, have received less attention from researchers or practitioners. It was traditionally thought of as an offline process, with humans in the loop,
more &raquo; ... ch as system administrators performing forensics by going through the system logs and determining which services or components need to be recovered. Our systems today have reached a level of complexity and the attacks directed at them a level of sophistication that manual responses are no longer adequate. So far there has been limited work in autonomous intrusion response systems, especially work that provides rigorous analysis or generalizable system building techniques. The work that exists has not been surveyed previously. In this survey paper, we lay out the design challenges in building autonomous intrusion response systems. Then we provide a classification of existing work on the topic into four categoriesresponse through static decision tables, response through dynamic decision process, intrusion tolerance through diverse replicas, and intrusion response for specific classes of attacks. We 1 Student authors (the first four authors) are listed in alphabetical order.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1016/b978-012373566-9.50015-x">doi:10.1016/b978-012373566-9.50015-x</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/tlmg46x475gp3maja6ytpzgope">fatcat:tlmg46x475gp3maja6ytpzgope</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20090625175803/http://cobweb.ecn.purdue.edu/~dcsl/publications/papers/2007/wiley_irssurvey.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/1c/05/1c055f05797039427962b4ec96e6f6bef27ed3a7.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1016/b978-012373566-9.50015-x"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> elsevier.com </button> </a>