Abstract
Intrusion detection systems are of limited use without a timely response to intrusions and threats, even if they can detect attacks and generate alarms. A comprehensive security solution usually has a timely countermeasure against intrusions. IDSs aim to cover vulnerabilities by detecting different attack types, some of which can be responded to by hand. The manual response, however, cannot protect the system against fast attacks such as highly distributed DDoS attacks. Since it is impossible to provide a highly efficient way of responding to high-speed threats manually, automated response is proposed. In this chapter, we discuss in detail different response approaches.
© 2010 Springer-Verlag US
About this chapter
Cite this chapter
Ghorbani, A.A., Lu, W., Tavallaee, M. (2010). Intrusion Response. In: Network Intrusion Detection and Prevention. Advances in Information Security, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88771-5_8
DOI: https://doi.org/10.1007/978-0-387-88771-5_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88770-8
Online ISBN: 978-0-387-88771-5
eBook Packages: Computer Science, Computer Science (R0)