Enhancing Response in Intrusion Detection Systems

ABSTRACT

With rising levels of attacks and misuse, intrusion detection systems are an increasingly important security technology for IT environments. However, while intrusion detection has been the focus of significant research, the issue of response has received relatively little attention. The majority of systems focus response efforts towards passive methods, which serve to notify and warn, but cannot prevent or contain an intrusion. Where more active responses are available, they typically rely upon manual initiation. The paper examines the reasons for this, and argues that a more comprehensive and reliable response framework is required in order to facilitate further automation of active responses. A range of factors are identified that a software-based responder agent could assess in order to improve response selection, and thereby increase trust in automated solutions.


AUTHORS

Network Research Group of Engineering, University of Plymouth
UK

Maria Papadaki was born in Iraklio of Crete, Greece and studied Informatics in the Technological Educational Institute (T.E.I.) of Athens. After her graduation in November 1997, she worked for two years for the Library and the Network Operating Centre of the Athens School of Fine Arts. Funded by the State Scholarships Foundation (SSF) of Engineering at University of Plymouth, UK, and is currently a PhD student within the Network Research Group of the University. Current interests include intrusion detection and methods of automated system response.

School of Computer Science University of Nottingham,
Nottingham, United Kingdom

Steven Furnell is a professor of cyber security at the University of Nottingham. He is also an Honorary Professor with Nelson Mandela University in South Africa and an Adjunct Professor with Edith Cowan University in Western Australia. His research interests include: usability of security and privacy, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 340 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society and Computer Insecurity: Risking the System. Prof. Furnell is the Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a board member of the Chartered Institute of Information Security.

Researcher at the TamKang University
Taipei

Shih-Yao (Jim) Lee holds an MSc in Integrated Services and Intelligent Networks Engineering from the University of Plymouth. His Masters project, entitled ‘Methods of Response to IT System Intrusions’, was conducted in association with the Network Research Group. Since completing the project, Jim has become a researcher at the TamKang University in Taipei, where he is working with Bluetooth Technologies.

Researcher, Network Consultant

Benn Lines Ph.D has 21 years' industrial experience in commercial networking and telecommunications projects with British Telecom and the World Bank, and has lectured in related topics for 25 years at both MSc and undergraduate levels. His principal research interests are focused around Quality of Service issues for Internet systems, but he is also involved in the supervision of IT security projects in the areas of intrusion detection and authentication. Dr Lines publishes in international journals and conferences, and is also significantly involved in network-related consultancy work for industry.

Technical Specialist in Internet-Based Mobile Telecommunications, Visiting Professor, University of Plymouth
UK

Paul Reynolds Ph.D is currently Orange’s technical specialist in Internet-based mobile telecommunications and a Visiting Professor at the University of Plymouth, UK. Prior to this, he led European Community funded research into distributed computing for mobile telecommunications. His previous research focused upon network design and modelling techniques, in which he has a PhD. He has published numerous technical papers and has presented many tutorials and short courses in various countries. Paul has also been the technical leader of the Mobile Wireless Internet Forum and is internationally recognised as an expert in ‘mobilising the Internet’. In 1994 he was elected as a Fellow of the IEE for his contributions within the field of Mobile Telecommunications.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
