Informing the decision process in an automated intrusion response system

Information Security Technical Report - Volume 10 - Pages 150-161 - 2005
M. Papadaki (1), S.M. Furnell (1)
(1) Network Research Group, School of Computing, Communications and Electronics, University of Plymouth, Drake Circus, Plymouth PL4 8AA, UK

References

Allen, 2000
Bace, 2001
Carver Jr CA, Hill JMD, Pooch UW. Limiting uncertainty in intrusion response. In: Second annual IEEE systems, man, and cybernetics information assurance and security workshop, West Point, New York; June 5–6, 2001.
Davey J. The CCTA risk analysis and management methodology (CRAMM). Current perspectives in healthcare computing; 1991. p. 360–5.
Doyle, 2003
ISS. RealSecure SiteProtector Security Fusion Module 2.0: Frequently Asked Questions
Mandia, 2001
MIT, 2001
Nmap
Papadaki M. Classifying and responding to network intrusions, PhD thesis. Plymouth, United Kingdom: University of Plymouth; 2004.
Papadaki M, Furnell SM. Automating the process of intrusion response. In: Proceedings of the fifth Australian information warfare & security conference, 25–26 November, Perth Western, Australia; 2004.
Papadaki M, Furnell SM, Lines BM, Reynolds PL. A response-oriented taxonomy of IT system intrusions. In: Roccetti M, editor. Proceedings of Euromedia 2002, 15–17 April, Modena, Italy; 2002. p. 87–95.
Porras, 1997, EMERALD: event monitoring enabling responses to anomalous live disturbances
SANS, 2004
Singh H. A correlation framework for continuous user authentication using data mining, PhD thesis. Plymouth, United Kingdom: University of Plymouth; 2003.
Toth, 2002, Evaluating the impact of automated intrusion response mechanisms