Response Mechanisms for Intrusion Response Systems (IRSs)

Anuar, Nor Badrul and Furnell, S.M. and Papadaki, M. and Clarke, N.L (2009) Response Mechanisms for Intrusion Response Systems (IRSs). In: Research Symposium on Security E-Learning Internet and Networking, 25-29 November 2009, University of Applied Sciences Darmstadt, Germany.

Affiliations

University of Malaya
University of Plymouth, United Kingdom

Abstract

The rise in network attacks and incidents calls for additional and distinct methods of response. This paper discusses the different types of response found in Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs) and Intrusion Response Systems (IRSs). Using the characteristics of responses and the relationships between them, a more effective model is proposed. The characteristics of responses include the level of operation, the speed and timing of the response, the ability to learn and the ability to cooperate with other devices. Using an attack time frame, the relationship between active and passive responses is discussed. The response mechanism model distinguishes between active and passive responses, and between the different approaches and stages of active response.

Item Type: Conference or Workshop Item (Paper)
Keywords: Intrusion Response Systems, active, proactive, reactive and passive response
Subjects: Q Science, Computer Science
ID Code: 10419
