A taxonomy of intrusion response systems

Stakhanova, Natalia; Basu, Samik; Wong, Johnny

doi:10.1504/ijics.2007.012248

Cited by 121 publications

(99 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Data aggregation is also used to enhance bandwidth utilization [10,11]. But, this type of work treat all alerts equally without considering their criticalities, probably causing adverse impact on the system security.…”

Section: Related Workmentioning

confidence: 99%

Risk-driven aggregation and transmission prioritization of cyber alerts over mobile networks

Çam¹,

Mouallem²

2014

2014 International Conference on Computing, Networking and Communications (ICNC)

View full text Add to dashboard Cite

Abstract-Alert Aggregation in mobile networks plays an important role in mitigating the adverse impact of alert generation by reducing the amount of communication and security data to be transmitted. However, it is not guaranteed that the bandwidth necessary to transmit all aggregated alerts is always available, which usually result in the transmission of a portion of the alerts, while others are discarded or queued. The transmission of insufficient alert information hinders making correct decisions about attacks, leading to compromising network security. In order to maximize the benefits of data aggregation while minimizing the impact of partial alerts, this paper presents a risk-driven real-time transmission prioritization technique for implementing lossy and lossless aggregation of cyber alerts. Lossy alert aggregation and transmission are managed adaptively by allowing the prioritization and transmission of aggregated alerts according to the risk assessment of such alerts. This paper also presents a risk-driven utilization model that further adapts the aggregation and prioritization in response to dynamic network conditions. The performance results of the proposed techniques are obtained by running simulations on data collected from a mobile network. Simulation results for the aggregation of raw alerts have shown an average reduction of 51% in data storage space and bandwidth usage.

show abstract

Section: Related Workmentioning

confidence: 99%

Risk-driven aggregation and transmission prioritization of cyber alerts over mobile networks

Çam¹,

Mouallem²

2014

2014 International Conference on Computing, Networking and Communications (ICNC)

View full text Add to dashboard Cite

show abstract

“…Natalia Stakhanova et al presented in [2] a taxonomy of autonomous intrusion response systems, together with a review of current trends in intrusion response research.…”

Section: Automated Intrusion Response Systemsmentioning

confidence: 99%

“…In addition to the taxonomy presented in [2] Frame), a system based on mobile agents that is focused on the source of attackers [8].…”

Section: Automated Intrusion Response Systemsmentioning

confidence: 99%

“…where T Ω (a) has been computed in (1); µ(a) represents the confidence of a domain in its IDSs to detect a; ⊕ is the same aggregation operation used in (1); n is the total number of domains with which Ω maintains a trust relationship, except the i-th domain that is being assessed; T (t−1) Ω,j is the previous trustworthiness of Ω on the j-th domain; and γ, δ ∈ [0, 1] have the same meanings that the weights α and β, but extracting the i-th reliable domain in (2).…”

Section: Trust and Reputation Management Systemmentioning

confidence: 99%

See 1 more Smart Citation

RECLAMO: Virtual and Collaborative Honeynets Based on Trust Management and Autonomous Systems Applied to Intrusion Management

Pérez

Lanchas

Cambronero

et al. 2013

2013 Seventh International Conference on Complex, Intelligent, and Software Intensive Systems

View full text Add to dashboard Cite

Abstract-Security intrusions in large systems is a problem due to its lack of scalability with the current IDS-based approaches. This paper describes the RECLAMO project, where an architecture for an Automated Intrusion Response System (AIRS) is being proposed. This system will infer the most appropriate response for a given attack, taking into account the attack type, context information, and the trust and reputation of the reporting IDSs. RECLAMO is proposing a novel approach: diverting the attack to a specific honeynet that has been dynamically built based on the attack information. Among all components forming the RECLAMO's architecture, this paper is mainly focused on defining a trust and reputation management model, essential to recognize if IDSs are exposing an honest behavior in order to accept their alerts as true. Experimental results confirm that our model helps to encourage or discourage the launch of the automatic reaction process.

show abstract

“…Axelsson develops a taxonomy of detection methods [15], that Williams extends [16]. Kuperman classifies both the goals of detection and the timeliness of detection [17], and Stakhanova et al work towards a taxonomy of intrusion detection system responses [18]. Mott presents work into classifying the level of security that the security system maintains for itself [5].…”

Section: Current Security Classificationsmentioning

confidence: 99%

Software Cannot Protect Software: An Argument for Dedicated Hardware in Security and a Categorization of the Trustworthiness of Information

Judge¹,

Williams²,

Kim³

et al. 2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. There are many current classifications and taxonomies relating to computer security. One missing classification is the Trustworthiness of Information being received by the security system, which we define. This new classification along with Timeliness of Detection and Security level of the Security System present motivation for hardwarebased security solutions. Including hardware is not an automatic solution to the limitations of software solutions. Advantages are only gained from hardware through design that ensures at least First-hand Information, dedicated monitors, explicit hardware communication, dedicated storage, and dedicated security processors.

show abstract

A taxonomy of intrusion response systems

Cited by 121 publications

References 18 publications

Risk-driven aggregation and transmission prioritization of cyber alerts over mobile networks

Risk-driven aggregation and transmission prioritization of cyber alerts over mobile networks

RECLAMO: Virtual and Collaborative Honeynets Based on Trust Management and Autonomous Systems Applied to Intrusion Management

Software Cannot Protect Software: An Argument for Dedicated Hardware in Security and a Categorization of the Trustworthiness of Information

Contact Info

Product

Resources

About