Publication details


An investigation and survey of response options for Intrusion Response Systems (IRSs)
Anuar NB, Papadaki M, Furnell SM, Clarke NL
Proceedings of the 9th Annual Information Security South Africa Conference, Sandton, South Africa, 2 - 4 August, pp1-8, ISBN: 978-1-4244-5493-8, 2010

The rise in attacks and incidents calls for additional and distinct methods of response. This paper starts a discussion by differentiating between types of operation mode, such as Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs) and Intrusion Response Systems (IRSs). Using the characteristics of response and the attack time frame, a response model is proposed to distinguish between active and passive response options. The characteristics of response include level of operations, speed and time of response, ability to learn and ability to cooperate with other devices. This paper uses the attack time frame as a response model to show the relationship between active and passive response. Furthermore, the Response Model for Intrusion Response Systems shows other approaches and stages of active response. Finally, in order to investigate the most common responses used by security practitioners and to justify the response model, 34 sample products, both commercial and non-commercial, are analysed. As a result, this paper shows a clear distinction between the response options.
