Strasburg, Chris, Stakhanova, Natalia, Basu, Samik and Wong, Johnny (2008) The Methodology for Evaluating Response Cost for Intrusion Response Systems. Technical Report 08-12, Computer Science, Iowa State University.
Abstract
Recent advances in the field of intrusion detection have brought new requirements to intrusion prevention and response. Traditionally, the response to a detected attack was selected and deployed manually; in recent years the focus has shifted towards developing automated and semi-automated methodologies for responding to intrusions. In this context, cost-sensitive intrusion response models have gained the most interest, mainly due to their emphasis on the balance between the potential damage incurred by the intrusion and the cost of the response. However, one of the challenges in applying this approach is defining consistent and adaptable measurements of these cost factors on the basis of the requirements and policy of the system being protected against intrusions.

In this paper we present a structured methodology for evaluating the cost of responses based on three factors: the response operational cost, associated with the daily maintenance of the response; the response goodness, which measures the applicability of the selected response for a detected intrusion; and the response impact on the system, which refers to the possible effect of the response on system functionality. The proposed approach provides a consistent basis for response evaluation across different systems while incorporating the security policy and properties of the specific system environment. We demonstrate the advantages of the proposed cost model and evaluate it on the example of three systems.