Information Assurance: Dependability and Security in Networked Systems
Author
Bingrui Foo, Matthew W. Glause, Gaspar M. Howard, Yu-Sung Wu, Saurabh Bagchi, Eugene H. Spafford
Tech report number
CERIAS TR 2007-57
Abstract
Protecting networks from computer security attacks is an important concern of computer security. Within this, intrusion prevention and intrusion detection systems have been the subject of much study and have been covered in several excellent survey papers. However, the actions that need to follow the steps of prevention and detection, namely response, have received less attention from researchers or practitioners. Response was traditionally thought of as an offline process, with humans in the loop, such as system administrators performing forensics by going through the system logs and determining which services or components need to be recovered. Our systems today have reached a level of complexity, and the attacks directed at them a level of sophistication, such that manual responses are no longer adequate. So far there has been limited work on autonomous intrusion response systems, especially work that provides rigorous analysis or generalizable system-building techniques. The work that exists has not been surveyed previously. In this survey paper, we lay out the design challenges in building autonomous intrusion response systems. Then we provide a classification of existing work on the topic into four categories
Booktitle
Information Assurance: Dependability and Security in Networked Systems
Chapter
Intrusion Response Systems: A Survey
Publisher
Morgan Kaufmann Publishers
Publication Date
2001-01-01