Abstract
Organisations' continuing dependence upon computing and networked systems, combined with the mounting problem of security breaches and attacks, has made intrusion detection systems an increasingly common, and even essential, security countermeasure. However, whereas detection technologies have received extensive research attention for over fifteen years, intrusion response has received relatively little, particularly in the context of automated and active response systems. This paper considers the importance of intrusion response and discusses the operational characteristics required of a flexible, automated responder agent within an intrusion monitoring architecture. The discussion is supported by details of a prototype implementation, based on the architecture described, which demonstrates how response policies and alerts can be managed in a practical context.
© 2003 IFIP International Federation for Information Processing
Papadaki, M., Furnell, S., Lines, B., Reynolds, P. (2003). Operational Characteristics of an Automated Intrusion Response System. In: Lioy, A., Mazzocchi, D. (eds) Communications and Multimedia Security. Advanced Techniques for Network and Data Protection. CMS 2003. Lecture Notes in Computer Science, vol 2828. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45184-6_6
DOI: https://doi.org/10.1007/978-3-540-45184-6_6
Print ISBN: 978-3-540-20185-4
Online ISBN: 978-3-540-45184-6