A response selection model for intrusion response systems: Response Strategy Model (RSM)

Nor Badrul Anuar*, Maria Papadaki, Steven Furnell, Nathan Clarke

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

<jats:title>ABSTRACT</jats:title><jats:p>Intrusion response systems aim to provide a systematic procedure to respond to incidents. However, with different type of response options, an automatic response system is designed to select appropriate response options automatically in order to act fast to respond to only true and critical incidents as well as minimise their impact. In addition, incidents also can be prioritised into different level of priority where some incidents may cause a serious impact (i.e. high priority) and other may not (i.e. low priority). The existing strategies inherit some limitation such as using complex approaches and less efficient in mapping appropriate response based upon incidents' priority. Therefore, this study introduces a model called response strategy model to address the aforementioned limitation. In order to validate, it was evaluated using two datasets: DARPA 2000 and private dataset. The case study results have shown a significant relationship between the incident classification and incident priorities where false incidents are likely to be categorised as low priority and true incidents are likely to be categorised as the high priority. In particular, with response strategy model, an average of 92.68% of the false incidents was prioritised as the lowest priority is better compared with only 67.07% with Snort priority. Copyright © 2013 John Wiley &amp; Sons, Ltd.</jats:p>
Original languageEnglish
Pages (from-to)1831-1848
Number of pages0
JournalSecurity and Communication Networks
Volume7
Issue number11
Early online date7 Nov 2013
DOIs
Publication statusPublished - Nov 2014

Fingerprint

Dive into the research topics of 'A response selection model for intrusion response systems: Response Strategy Model (RSM)'. Together they form a unique fingerprint.

Cite this