Intrusion Response

  • Ali A. Ghorbani
  • Wei Lu
  • Mahbod Tavallaee
Part of the Advances in Information Security book series (ADIS, volume 47)


The function of intrusion detection systems without a timely response against intrusions and threats will be largely limited even they can detect attacks and generate alarms. A comprehensive security solution usually has a timely countermeasure against intrusions. IDSs aim to cover vulnerabilities by detecting different attack types, some of which can be responded by hand. The manual response, however, can not protect the system against fast attacks such as highly distributed DDoS attacks. Since it is impossible to provide a highly efficient way of responding to highspeed threats manually, automated response is proposed. In this chapter, we discuss in details different response approaches.


Intrusion Detection Intrusion Detection System Partially Observable Markov Decision Process Analysis Agent Fuzzy Process 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    T. Alpcan and T. Basar, A game theoretic approach to decision and analysis in network intrusion detection, Proceedings of the 42nd IEEE Conference on Decision and Control, vol. 3, December 2003, pp. 2595–2600.Google Scholar
  2. 2.
    Ivan Balepin, Sergei Maltsev, Jeff Rowe, and Karl Levitt, Using specification-based intrusion detection for automated response, Proceedings of Recent Advances in Intrusion Detection, 6th International Symposium, (RAID 2003) (Pittsburgh, PA, USA) (G. Vigna, E. Jonsson, and C. Kruegel, eds.), Lecture Notes in Computer Science, Springer-Verlag Heidelberg, 2003, pp. 136–154.Google Scholar
  3. 3.
    C. A. Carver, J. M. D. Hill, and U. W. Pooh, Limiting uncertainty in intrusion response, Proceedings of the 2001 IEEE Workshop on Information Assurance and Security (United States Military Academy, West Point), June 2001, pp. 142–147.Google Scholar
  4. 4.
    A. Curtis and Jr. Carver, Intrusion response systems: A survey, Tech. report, Texas A&M University, Department of Computer Sciences, 2000.Google Scholar
  5. 5.
    Robert J. Ellison, Nancy R. Mead, Thomas A. Longstaff, and Richard C. Linger, The survivability imperative: Protecting critical systems, CrossTalk: The Journal of Defense Software Engineering 13 (2000), no. 10, 12–15.Google Scholar
  6. 6.
    S. N. Hamilton, W. L. Miller, A. Ott, and O. S. Saydjari, The role of game theory in information warfare, Proceedings of the 4th Information Survivability Workshop (ISW-2001/2002) (Vancouver, BC, Canada), March 2002.Google Scholar
  7. 7.
    O. Koukousoula J. Dickerson, J. Juslin and J. Dickerson, Fuzzy intrusion detection, Proceedings of IFSA World Congress and 20th North American Fuzzy Information Processing Society (NAFIPS) International Conference, July, 2001, pp. 1506–1510.Google Scholar
  8. 8.
    Zhang Jian, Ding Yong, and Gong Jian, Intrusion detection system based on fuzzy default logic, Proceedings of The 12th IEEE International Conference on Fuzzy Systems, FUZZ'03, vol. 2, May 2003, pp. 1350–1356.CrossRefGoogle Scholar
  9. 9.
    C. Ko, System health and intrusion monitoring (shim): project summary, Proceedings of The DARPA Information Survivability Conference and Exposition II (DISCEX), vol. 2, April 2003, pp. 202–207.Google Scholar
  10. 10.
    O. P. Kreidl and T. M. Frazier, Feedback control applied to survivability: A host-based autonomic defense system, IEEE Transactions on Reliability 53 (2004), no. 1, 148–166.CrossRefGoogle Scholar
  11. 11.
    S. Lewandowski, D. J. Van Hook, G. C. OLeary, J. W. Haines, and L. M. Rose, Sara: Survivable autonomic response architecture, Proceedings of DARPA Information Survivability Conference and Exposition II (DISCEX II01) (Anaheim, CA, USA), June 2001, pp. 77–88.Google Scholar
  12. 12.
    Botha M. and R. Solms, Utilising fuzzy logic and trend analysis for effective intrusion detection, Computers & Security 22 (2003), no. 5, 423–434.CrossRefGoogle Scholar
  13. 13.
    P. Pal, F. Webber, and R. Schantz, Survival by defense-enabling, Proceedings of the 2001 workshop on New security paradigms, ACM New York, NY, USA, 2001, pp. 71–78.Google Scholar
  14. 14.
    A. Ph. Porras and P. G. Neumann, Emerald: Event monitoring enabling responses to anomalous live disturbances, Proceedings of the National Information Systems Security Conference, 1997, pp. 353–365.Google Scholar
  15. 15.
    D.J. Ragsdale, C.A.Jr. Carver, J.W. Humphries, and U.W. Pooch, Adaptation techniques for intrusion detection and intrusion response systems, Proceedings of the 2000 IEEE International Conference on Systems, Man, and Cybernetics (Nashville, TN USA), vol. 4, 2000, pp. 2344–2349.Google Scholar
  16. 16.
    R. Sandhu and P. Samarati, Authentication, access control and intrusion detection, The Computer Science and Engineering Handbook (Boca Raton, FL) (A. Tucker, ed.), CRC Press, 1997.Google Scholar
  17. 17.
    M. Shajari, Enhancing network survivability using intelligent agents, Ph.D. thesis, Faculty of Computer Science, University of New Brunswick, Fredericton, NB, Canada, 2005.Google Scholar
  18. 18.
    Vaughn R.B. Siraj A. and S.M. Bridges, Intrusion sensor data fusion in an intelligent intrusion detection system architecture, Proceedings of the 37th Annual Hawaii International Conference on System Sciences, January, 2004, pp. 279–288.Google Scholar
  19. 19.
    G. B. White, E. A. Fisch, and U. W. Pooh, Cooperating security managers: A peer-based intrusion detection system, IEEE Network 10 (1996), no. 1,2, 20–23.CrossRefGoogle Scholar
  20. 20.
    Yu-Sung Wu, Bingrui Foo, Blake Matheny, Tyler Olsen, and Saurabh Bagchi, Adepts: Adaptive intrusion containment and response using attack graphs in an e-commerce environment, Tech. Report 2003–33, CERIAS, 2003, sbagchi/Research/Papers/adepts_ceriastr03.pdf.

Copyright information

© Springer-Verlag US 2010

Authors and Affiliations

  1. 1.University of New BrunswickFrederictonCanada

Personalised recommendations