Abstract
Continuing organisational dependence upon, computing and networked systems, in conjunction with the mounting problems of security breaches and attacks, has served to make intrusion detection systems an increasingly common, and even essential, security countermeasure. However, whereas detection technologies have received extensive research focus for over fifteen years, the issue of intrusion response has received relatively little attention - particularly in the context of automated and active response systems. This paper considers the importance of intrusion response, and discusses the operational characteristics required of a flexible, automated responder agent within an intrusion monitoring architecture. This discussion is supported by details of a prototype implementation, based on the architecture described, which demonstrates how response policies and alerts can be managed in a practical context. © IFIP International Federation for Information Processing 2003.
Cite
CITATION STYLE
Papadaki, M., Furnell, S., Lines, B., & Reynolds, P. (2003). Operational characteristics of an automated intrusion response system. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2828, 65–75. https://doi.org/10.1007/978-3-540-45184-6_6
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
