The Center for Education and Research in Information Assurance and Security (CERIAS)

Information Assurance: Dependability and Security in Networked Systems

Author

Bingrui Foo, Matthew W. Glause, Gaspar M. Howard, Yu-Sung Wu, Saurabh Bagchi, Eugene H. Spafford

Tech report number

CERIAS TR 2007-57

Entry type

inbook

Abstract

Protecting networks from computer security attacks is an important concern of computer security. Within this, intrusion prevention and intrusion detection systems have been the subject of much study and have been covered in several excellent survey papers. However, the actions that need to follow the steps of prevention and detection, namely response, have received less attention from researchers or practitioners. It was traditionally thought of as an offline process, with humans in the loop, such as system administrators performing forensics by going through the system logs and determining which services or components need to be recovered. Our systems today have reached a level of complexity and the attacks directed at them a level of sophistication that manual responses are no longer adequate. So far there has been limited work in autonomous intrusion response systems, especially work that provides rigorous analysis or generalizable system building techniques. The work that exists has not been surveyed previously. In this survey paper, we lay out the design challenges in building autonomous intrusion response systems. Then we provide a classification of existing work on the topic into four categories

Booktitle

Information Assurance: Dependability and Security in Networked Systems

Chapter

Intrusion Response Systems: A Survey

Key alpha

Foo

Publisher

Morgan Kaufmann Publishers

Affiliation

CERIAS

Publication Date

2001-01-01

Language

English
