论文信息 - Operational Characteristics of an Automated Intrusion Response System

Operational Characteristics of an Automated Intrusion Response System

Continuing organisational dependence upon computing and networked systems, in conjunction with the mounting problems of security breaches and attacks, has served to make intrusion detection systems an increasingly common, and even essential, security countermeasure. However, whereas detection technologies have received extensive research focus for over fifteen years, the issue of intrusion response has received relatively little attention - particularly in the context of automated and active response systems. This paper considers the importance of intrusion response, and discusses the operational characteristics required of a flexible, automated responder agent within an intrusion monitoring architecture. This discussion is supported by details of a prototype implementation, based on the architecture described, which demonstrates how response policies and alerts can be managed in a practical context.

Maria Papadaki | Steven Furnell | Paul L. Reynolds | Benn Lines

[1] E. Amoroso. Intrusion Detection , 1999 .

[2] Steven Furnell,et al. A conceptual architecture for real-time intrusion monitoring , 2000, Inf. Manag. Comput. Secur..

[3] Maria Papadaki,et al. An experimental comparison of secret-based user authentication technologies , 2002, Inf. Manag. Comput. Secur..

[4] Dorothy E. Denning,et al. An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[5] Fred Cohen,et al. Simulating cyber attacks, defences, and consequences , 1999, Comput. Secur..

[6] Karl N. Levitt,et al. Protecting routing infrastructures from denial of service using cooperative intrusion detection , 1998, NSPW '97.

[7] R. Power. CSI/FBI computer crime and security survey , 2001 .

[8] Peter Mell,et al. NIST Special Publication on Intrusion Detection Systems , 2001 .

[9] William L. Fithen,et al. State of the Practice of Intrusion Detection Technologies , 2000 .

[10] Maria Papadaki,et al. Keystroke Analysis as a Method of Advanced User Authentication and Response , 2002, SEC.

[11] Bruce Schneier,et al. Secrets and Lies: Digital Security in a Networked World , 2000 .

[12] Steven Furnell,et al. Security Vulnerabilities and System Intrusions , 2001 .

[13] Todd L. Heberlein,et al. Network intrusion detection , 1994, IEEE Network.