Towards intrusion response intel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle; knowing how to correctly respond to these threats and attacks requires in-depth and domain-specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.

Original language: English
Title of host publication: Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience (CSR 2021)
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 337-342
Number of pages: 6
ISBN (Electronic): 9781665402859
Publication status: Published - 26 Jul 2021
Event: 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021 - Virtual, Rhodes, Greece
Duration: 26 Jul 2021 to 28 Jul 2021

Publication series

Name: Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021

Conference

Conference: 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021
Country/Territory: Greece
City: Virtual, Rhodes
Period: 26/07/2021 to 28/07/2021

Bibliographical note

Publisher Copyright:
© 2021 IEEE.

Keywords

  • Intel
  • Intrusion
  • IRS
  • Response
  • Threat

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
