Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle; knowing how to correctly respond to these threats and attacks requires in-depth and domain-specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.
|Title of host publication|Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience (CSR 2021)|
|Institute of Electrical and Electronics Engineers Inc.
|Number of pages
|Published - 26 Jul 2021
|2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021 - Virtual, Rhodes, Greece
Duration: 26 Jul 2021 → 28 Jul 2021
Bibliographical note
Publisher Copyright: © 2021 IEEE.
ASJC Scopus subject areas
- Artificial Intelligence
- Computer Networks and Communications
- Information Systems and Management
- Safety, Risk, Reliability and Quality