Enhancing Response in Intrusion Detection Systems

ABSTRACT

With rising levels of attacks and misuse, intrusion detection systems are an increasingly important security technology for IT environments. However, while intrusion detection has been the focus of significant research, the issue of response has received relatively little attention. The majority of systems focus response efforts towards passive methods, which serve to notify and warn, but cannot prevent or contain an intrusion. Where more active responses are available, they typically rely upon manual initiation. The paper examines the reasons for this, and argues that a more comprehensive and reliable response framework is required in order to facilitate further automation of active responses. A range of factors are identified that a software-based responder agent could assess in order to improve response selection, and thereby increase trust in automated solutions.


AUTHORS

Network Research Group of Engineering, University of Plymouth
UK

Maria Papadaki was born in Iraklio of Crete, Greece and studied Informatics in the Technological Educational Institute (T.E.I.) of Athens. After her graduation in November 1997, she worked for two years for the Library and the Network Operating Centre of the Athens School of Fine Arts. Funded by the State Scholarships Foundation (SSF) of Engineering at University of Plymouth, UK, and is currently a PhD student within the Network Research Group of the University. Current interests include intrusion detection and methods of automated system response.

Network Research Group, University of Plymouth, UK;
Adjunct Associate Professor, Edith Cowan University, Western Australia

Prof. Steven Furnell is the head of the Network Research Group at the University of Plymouth in the United Kingdom, and an Adjunct Associate Professor with Edith Cowan University in Western Australia. He specialises in computer security and has been actively researching in the area for fourteen years, with current areas of interest including security management, computer crime, user authentication, and security usability.

Prof. Furnell is a Fellow and Branch Chair of the British Computer Society (BCS), a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE), and a UK representative in International Federation for Information Processing (IFIP) working groups relating to Information Security Management (of which he is the current chair), Network Security, and Information Security Education. He is the author of over 160 papers in refereed international journals and conference proceedings, as well as the books Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). Further details can be found at www.network-research-group.org.

Researcher at the TamKang University
Taipei

Shih-Yao (Jim) Lee holds an MSc in Integrated Services and Intelligent Networks Engineering from the University of Plymouth. His Masters project, entitled ‘Methods of Response to IT System Intrusions’, was conducted in association with the Network Research Group. Since completing the project, Jim has become a researcher at the TamKang University in Taipei, where he is working with Bluetooth Technologies.

Researcher, Network Consultant

Benn Lines Ph.D has 21 years' industrial experience in commercial networking and telecommunications projects with British Telecom and the World Bank, and has lectured in related topics for 25 years at both MSc and undergraduate levels. His principal research interests are focused around Quality of Service issues for Internet systems, but he is also involved in the supervision of IT security projects in the areas of intrusion detection and authentication. Dr Lines publishes in international journals and conferences, and is also significantly involved in network-related consultancy work for industry.

Technical Specialist in Internet-Based Mobile Telecommunications, Visiting Professor, University of Plymouth
UK

Paul Reynolds Ph.D is currently Orange’s technical specialist in Internet-based mobile telecommunications and a Visiting Professor at the University of Plymouth, UK. Prior to this he led European Community funded research into distributed computing for mobile telecommunications. His previous research focused upon network design and modelling techniques, in which he has a PhD. He has published numerous technical papers and has presented many tutorials and short courses in various countries. Paul has also been the technical leader of the Mobile Wireless Internet Forum and is internationally recognised as an expert in ‘mobilising the Internet’. In 1994 he was elected as a Fellow of the IEE for his contributions within the field of Mobile Telecommunications.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
