Towards intrusion response intel

Kieran Hughes; Kieran McLaughlin; Sakir Sezer

doi:10.1109/CSR51186.2021.9527957

Towards intrusion response intel

Kieran Hughes, Kieran McLaughlin, Sakir Sezer

School of Electronics, Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.

Original language	English
Title of host publication	Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	337-342
Number of pages	6
ISBN (Electronic)	9781665402859
ISBN (Print)	9781665402866
DOIs	https://doi.org/10.1109/CSR51186.2021.9527957
Publication status	Published - 06 Sept 2021
Event	2021 IEEE International Conference on Cyber Security and Resilience - virtual, online, Rhodes, Greece Duration: 26 Jul 2021 → 28 Jul 2021

Conference

Conference	2021 IEEE International Conference on Cyber Security and Resilience
Abbreviated title	CSR 2021
Country/Territory	Greece
City	Rhodes
Period	26/07/2021 → 28/07/2021

Keywords

Intel
Intrusion
IRS
Response
Threat

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Information Systems and Management
Safety, Risk, Reliability and Quality

Access to Document

10.1109/CSR51186.2021.9527957Licence: Unspecified

Automated intrusion response systems
Hughes, K. (Author), McLaughlin, K. (Supervisor) & Sezer, S. (Supervisor), Jul 2024
Student thesis: Doctoral Thesis › Doctor of Philosophy

File

Cite this

@inproceedings{a81990915919439881efc6c163bda7d7,

title = "Towards intrusion response intel",

abstract = "Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.",

keywords = "Intel, Intrusion, IRS, Response, Threat",

author = "Kieran Hughes and Kieran McLaughlin and Sakir Sezer",

year = "2021",

month = sep,

day = "6",

doi = "10.1109/CSR51186.2021.9527957",

language = "English",

isbn = "9781665402866",

pages = "337--342",

booktitle = "Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021 ; Conference date: 26-07-2021 Through 28-07-2021",

}

Hughes, K, McLaughlin, K & Sezer, S 2021, Towards intrusion response intel. in Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021. Institute of Electrical and Electronics Engineers Inc., pp. 337-342, 2021 IEEE International Conference on Cyber Security and Resilience, Rhodes, Greece, 26/07/2021. https://doi.org/10.1109/CSR51186.2021.9527957

TY - GEN

T1 - Towards intrusion response intel

AU - Hughes, Kieran

AU - McLaughlin, Kieran

AU - Sezer, Sakir

PY - 2021/9/6

Y1 - 2021/9/6

N2 - Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.

AB - Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.

KW - Intel

KW - Intrusion

KW - IRS

KW - Response

KW - Threat

U2 - 10.1109/CSR51186.2021.9527957

DO - 10.1109/CSR51186.2021.9527957

M3 - Conference contribution

AN - SCOPUS:85115730968

SN - 9781665402866

SP - 337

EP - 342

BT - Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2021 IEEE International Conference on Cyber Security and Resilience

Y2 - 26 July 2021 through 28 July 2021

ER -

Towards intrusion response intel

Abstract

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Student theses

Automated intrusion response systems

Cite this