A response selection model for intrusion response systems: Response Strategy Model (RSM)

Document Type

Journal Article

Publisher

John Wiley & sons, Inc.

Faculty

Faculty of Health, Engineering and Science

School

ECU Security Research Institute

RAS ID

15986

Comments

Anuar, N., Papadaki, M., Furnell, S. , & Clarke, N. (2013). A Response Selection Model for Intrusion Response Systems: Response Strategy Model (RSM). Security and Communication Networks. 7(11), 1831-1848.

Available here

Abstract

Intrusion response systems aim to provide a systematic procedure to respond to incidents. However, with different type of response options, an automatic response system is designed to select appropriate response options automatically in order to act fast to respond to only true and critical incidents as well as minimise their impact. In addition, incidents also can be prioritised into different level of priority where some incidents may cause a serious impact (i.e. high priority) and other may not (i.e. low priority). The existing strategies inherit some limitation such as using complex approaches and less efficient in mapping appropriate response based upon incidents' priority. Therefore, this study introduces a model called response strategy model to address the aforementioned limitation. In order to validate, it was evaluated using two datasets: DARPA 2000 and private dataset. The case study results have shown a significant relationship between the incident classification and incident priorities where false incidents are likely to be categorised as low priority and true incidents are likely to be categorised as the high priority. In particular, with response strategy model, an average of 92.68% of the false incidents was prioritised as the lowest priority is better compared with only 67.07% with Snort priority

DOI

10.1002/sec.896

Share

 
COinS