Intrusion detection systems that can detect attacks and raise alarms are of limited use unless a timely response to the detected intrusions and threats follows. A comprehensive security solution therefore pairs detection with a timely countermeasure. IDSs aim to cover vulnerabilities by detecting many different attack types, and some of these can be responded to by hand. A manual response, however, cannot protect the system against fast attacks such as highly distributed DDoS attacks, whose rate far exceeds what a human operator can keep up with. Since high-speed threats cannot be answered efficiently by hand, automated response has been proposed. In this chapter, we discuss the different response approaches in detail.
Keywords: Intrusion Detection, Intrusion Detection System, Partially Observable Markov Decision Process, Analysis Agent, Fuzzy Process
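The contrast between manual and automated response drawn in the abstract can be made concrete with a small alert-driven response engine. The code below is an added example written for this page; it is not code from the chapter or from any of the systems it surveys. The alert format, the confidence threshold, the escalation ladder (rate-limit before block), the block expiry, the 15-minute analyst latency and the sample alert stream are all assumptions made for illustration. It also shows the caveat a practitioner cares about most with automated response: a low-confidence guard and a reversible first step, so that a noisy rule cannot turn the engine into a self-inflicted denial of service.

```python
# Added example (not from the chapter): a minimal alert-driven automated
# response engine. Alert format, thresholds, actions, analyst latency and the
# sample alerts are all assumptions made for illustration.
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    ts: float          # seconds since start of the capture
    src: str           # source address the IDS attributes the event to
    sig: str           # signature / rule name
    confidence: float  # analyzer's estimate that this alert is a true positive, 0..1


# Escalating response ladder: (cumulative confidence score in window, action).
# Start with a reversible, low-cost action and only then block.
LADDER = ((2.0, "rate_limit"), (5.0, "block"))


@dataclass
class ResponseEngine:
    window: float = 10.0      # seconds of alert history considered per source
    min_conf: float = 0.5     # alerts below this are logged but never trigger action
    block_ttl: float = 300.0  # automatic blocks expire; persistent ones go to a human
    history: dict = field(default_factory=lambda: defaultdict(list))
    blocked: dict = field(default_factory=dict)   # src -> expiry timestamp
    actions: list = field(default_factory=list)   # (ts, src, action) audit trail

    def handle(self, alert: Alert) -> str:
        """Return the action taken for this alert and record it in the audit trail."""
        expiry = self.blocked.get(alert.src)
        if expiry is not None and alert.ts < expiry:
            action = "already_blocked"          # the firewall already drops this source
        elif alert.confidence < self.min_conf:
            action = "log_only"                 # guard: noisy rules must not trigger blocks
        else:
            hist = self.history[alert.src]
            hist.append(alert)
            hist[:] = [a for a in hist if alert.ts - a.ts <= self.window]
            score = sum(a.confidence for a in hist)
            action = "log_only"
            for threshold, ladder_action in LADDER:
                if score >= threshold:
                    action = ladder_action
            if action == "block":
                self.blocked[alert.src] = alert.ts + self.block_ttl
        self.actions.append((alert.ts, alert.src, action))
        return action


def run(alerts, engine=None):
    """Feed alerts through the engine in timestamp order; return the audit trail."""
    engine = engine or ResponseEngine()
    for a in sorted(alerts, key=lambda a: a.ts):
        engine.handle(a)
    return engine.actions


def first_action_time(actions, src, action):
    """Timestamp of the first time `action` was taken against `src`, or None."""
    for ts, s, act in actions:
        if s == src and act == action:
            return ts
    return None


# Constructed sample stream: a SYN flood from 10.0.0.7 (one alert every 0.25 s,
# high confidence) plus low-confidence noise from 10.0.0.9 that must not be blocked.
SAMPLE_ALERTS = [
    Alert(1.0 + 0.25 * i, "10.0.0.7", "SYN_FLOOD", 0.9) for i in range(12)
] + [
    Alert(2.0 + 1.0 * i, "10.0.0.9", "ICMP_ODD_TTL", 0.3) for i in range(8)
]

# Assumed analyst latency for a manual response, used only for the comparison.
MANUAL_RESPONSE_LATENCY = 900.0  # 15 minutes


def containment_gap(alerts=SAMPLE_ALERTS, src="10.0.0.7"):
    """Seconds between the automatic block and an assumed manual block of `src`."""
    actions = run(alerts)
    auto_ts = first_action_time(actions, src, "block")
    first_ts = min(a.ts for a in alerts if a.src == src)
    return (first_ts + MANUAL_RESPONSE_LATENCY) - auto_ts


if __name__ == "__main__":
    for ts, src, act in run(SAMPLE_ALERTS):
        print(f"{ts:6.2f} {src:10} {act}")
    print("containment gap vs manual (s):", containment_gap())
```

With the constructed stream the flood source is rate-limited on its third alert (score 2.7 at 1.5 s) and blocked on its sixth (score 5.4 at 2.25 s), while the low-confidence noise source is only ever logged. The ordering of the ladder matters: rate-limiting first keeps a false positive cheap and reversible, and the expiring block ensures a human still reviews anything the engine keeps re-blocking.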