To read this content please select one of the options below:

Achieving automated intrusion response: a prototype implementation

M. Papadaki (Network Research Group, School of Computing, Communications and Electronics, University of Plymouth, Plymouth, UK)
S.M. Furnell (Network Research Group, School of Computing, Communications and Electronics, University of Plymouth, Plymouth, UK School of Computer and Information Science, Edith Cowan University, Perth, Australia)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 May 2006

683

Abstract

Purpose

The increasing speed and volume of attacks against networked systems highlights the need to automate the intrusion response process. This paper proposes a means by which such automation may be achieved, and presents details of a practical implementation.

Design/methodology/approach

The paper outlines the architecture of a flexible and intelligent automated response system that is able to adapt response decisions according to the context in which a detected incident has occurred. The discussion presents details of a prototype implementation that has been used to evaluate the concept in practice, and demonstrates the feasibility of assessing contextual factors associated with detected incidents.

Findings

A series of worked examples are presented to show how the same incident occurring in different contexts will trigger different decisions from the response system.

Originality/value

The paper contributes towards the domain of intrusion response, and proposes an approach that would enable automation of the response process to be more acceptable to security administrators.

Keywords

Citation

Papadaki, M. and Furnell, S.M. (2006), "Achieving automated intrusion response: a prototype implementation", Information Management & Computer Security, Vol. 14 No. 3, pp. 235-251. https://doi.org/10.1108/09685220610670396

Publisher

:

Emerald Group Publishing Limited

Copyright © 2006, Emerald Group Publishing Limited

Related articles