Achieving Automated Intrusion Response: A Prototype Implementation

Document Type

Journal Article

Publisher

Emerald Group Publishing Limited

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Information Science / Centre for Security Research

RAS ID

4110

Comments

Papadaki, M., & Furnell, S. M. (2006). Achieving automated intrusion response: a prototype implementation. Information Management & Computer Security, 14(3), 235-251.

Abstract

Purpose – The increasing speed and volume of attacks against networked systems highlights the need to automate the intrusion response process. This paper proposes a means by which such automation may be achieved, and presents details of a practical implementation.

Design/methodology/approach – The paper outlines the architecture of a flexible and intelligent automated response system that is able to adapt response decisions according to the context in which a detected incident has occurred. The discussion presents details of a prototype implementation that has been used to evaluate the concept in practice, and demonstrates the feasibility of assessing contextual factors associated with detected incidents.

Findings – A series of worked examples are presented to show how the same incident occurring in different contexts will trigger different decisions from the response system.

Originality/value – The paper contributes towards the domain of intrusion response, and proposes an approach that would enable automation of the response process to be more acceptable to security administrators.

DOI

10.1108/09685220610670396
