Automatic intrusion response system based on aggregation and cost

Automating the response to intrusions is one of the most significant issues in intrusion detection, but it has so far been largely overlooked and therefore requires research in its own right. Another main weakness of current intrusion detection systems is that they often generate many identical or similar alerts for a single intrusion, as well as alerts for attacks the system is immune to, so that a great deal of time is spent responding repeatedly. A better approach to this problem is to use aggregation to classify the alerts and a response cost to reduce the system-immune alerts. Finally, this paper presents a model of an automatic intrusion response system and describes its implementation in detail.
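The two ideas in the abstract, aggregating repeated alerts into one decision and weighing response cost against damage cost, illustrated as an added example that is not the paper's own code; the alert fields, the cost tables and the immunity set are constructed assumptions for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    signature: str   # IDS rule that fired
    src: str         # source address of the suspected attacker
    dst: str         # targeted host
    ts: float        # seconds since epoch

@dataclass
class Group:
    signature: str
    src: str
    dst: str
    count: int
    first_ts: float
    last_ts: float

def aggregate(alerts, window=60.0):
    """Merge alerts sharing (signature, src, dst) that arrive within `window`
    seconds of the previous one into a single group, so that one intrusion
    raising hundreds of identical alerts yields one response decision."""
    open_groups, done = {}, []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.signature, a.src, a.dst)
        g = open_groups.get(key)
        if g is not None and a.ts - g.last_ts <= window:
            g.count += 1
            g.last_ts = a.ts
        else:                       # first alert, or the window has expired
            g = Group(a.signature, a.src, a.dst, 1, a.ts, a.ts)
            open_groups[key] = g
            done.append(g)
    return done

# Constructed cost tables (assumed, not from the paper): expected damage of
# each signature if it succeeds, and the cost of each candidate response.
DAMAGE_COST = {"ssh-bruteforce": 40, "iis-unicode-traversal": 100}
RESPONSE_COST = {"block-src": 20, "kill-session": 5, "isolate-host": 200}
# (signature, host) pairs the host is immune to, e.g. an IIS signature
# against a host that does not run IIS; such alerts are suppressed.
IMMUNE = {("iis-unicode-traversal", "10.0.0.7")}

def decide(group, action):
    """Return 'ignore', 'log' or `action` for one aggregated group."""
    if (group.signature, group.dst) in IMMUNE:
        return "ignore"
    if RESPONSE_COST[action] > DAMAGE_COST[group.signature]:
        return "log"            # the response would cost more than the damage
    return action
```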
