Security Vulnerabilities and System Intrusions ? The need for Automatic Response Frameworks |
Addressing security vulnerabilities and system intrusions can represent a significant administrative overhead in current computer systems. Although technologies exist for both vulnerability scanning and for intrusion detection, the problems typically require some form of human intervention before they can be rectified. Evidence suggests that, in many cases, this can lead to omissions or oversights in terms of protection, as administrators are forced to prioritise their attention to security amongst various other tasks (particularly within smaller organisations, where a dedicated security administration function is unlikely to be found). As a result, mechanisms for automated response to the issues are considered to be advantageous. The paper describes the problems associated with vulnerability analysis and intrusion response, and then proceeds to consider how, at a conceptual level, the issues could be addressed within the framework of a wider architecture for intrusion monitoring.
Papadaki M, Magklaras GB, Furnell SM, Alayed A