Taxonomy of intrusion risk assessment and response system
Abstract
Keywords
References
Adetunmbi, 2008, Network intrusion detection based on rough set and k-nearest neighbour, Int J Comput ICT Res, 2, 60
Ammann, 2002, Scalable, graph-based network vulnerability analysis, 217
Anuar, 2008, Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree, Malays J Comput Sci, 110
Anuar, 2010, An investigation and survey of response options for intrusion response systems, 1
Arnes, 2005, Real-time risk assessment with network sensors and intrusion detection systems, 388, 10.1145/586110.586140
Balepin, 2003, Using specification-based intrusion detection for automated response, 136
Berkhin, 2001
Bowen, 2000, Building survivable systems: an integrated approach based on intrusion detection and damage containment, 84
Carver, 2000, An intrusion response taxonomy and its role in automatic intrusion response
Carver, 2000, A methodology for using intelligent agents to provide automated intrusion response, 110
Chen, 2004, Policy management for network-based intrusion detection and prevention
Chen, 2007, Value driven security threat modeling based on attack path analysis
Cuppens, 2000, Lambda: a language to model a database for detection of attacks, 197
Curtis, 2001
Dantu, 2004, Risk management using behavior based attack graphs, 445
Davis, 2011, Data preprocessing for anomaly based network intrusion detection: a review, Comput Secur, 30, 353, 10.1016/j.cose.2011.05.008
Difference between Signature Based and Anomaly Based Detection in IDS, URL http://www.secguru.com/forum/difference between signature based and anomaly based detection in ids.
Ekelhart, 2007, Security ontologies: improving quantitative risk analysis
Feng, 2009, Predicting intrusion goal using dynamic Bayesian network with transfer probability estimation, J Netw Comput Appl, 32, 721, 10.1137/1.9781611972733.3
Fisch, 1996
Foo, 2005, ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment, 508
Gehani, 2004, Rheostat: real-time risk management, 296
Goubault-Larrec, 2001
Han, 2006
Haslum, 2007, DIPS: a framework for distributed intrusion prediction and prevention using Hidden Markov Models and online fuzzy risk assessment, 183
Haslum, 2008, Real-time intrusion prevention and security analysis of networks using HMMs, 927
Haslum, 2008, Fuzzy online risk assessment for distributed intrusion prediction and prevention systems, 216
Hulitt, 2010, Information system security compliance to FISMA standard: a quantitative measure, Telecommun Syst, 45, 139, 10.1007/s11235-009-9248-8
Jahnke, 2007, Graph-based metrics for intrusion response measures in computer networks, 1035
Jha, 2002, Two formal analyses of attack graphs
Kanoun, 2007, Advanced reaction using risk assessment in intrusion detection systems, 58
Kanoun, 2008, Automated reaction based on risk analysis and attackers skills in intrusion detection systems, 117
Kanoun, 2010, Risk-aware framework for activating and deactivating policy-based response, 207, 10.1109/CSAC.2002.1176302
Karabacak, 2005, ISRAM: information security risk analysis method, Comput Secur, 24, 147, 10.1016/j.cose.2004.07.004
Kheir, 2010
Kheir, 2009, Cost evaluation for intrusion response using dependency graphs
Kheir, 2010, A service dependency model for cost sensitive intrusion response, 626
Lazarevic, 2003, A comparative study of anomaly detection schemes in network intrusion detection
Lee, 2002, Toward cost-sensitive modeling for intrusion detection and response, J Comput Secur, 10, 5, 10.3233/JCS-2002-101-202
Lee, 2006, Real-time analysis of intrusion detection alerts via correlation, Comput Secur, 25, 169, 10.1016/j.cose.2005.09.004
Lewandowski, 2001, SARA: survivable autonomic response architecture, 77
Lin, 2013, Creditability-based weighted voting for reducing false positives and negatives in intrusion detection, Comput Secur, 39, 460, 10.1016/j.cose.2013.09.010
Lo, 2012, A hybrid information security risk assessment procedure considering interdependences between controls, Expert Syst Appl, 39, 247, 10.1016/j.eswa.2011.07.015
MIT Lincoln Laboratory, 2000
Mu, 2010, An intrusion response decision-making model based on hierarchical task network planning, Expert Syst Appl, 37, 2465, 10.1016/j.eswa.2009.07.079
Mu, 2008, Online risk assessment of intrusion scenarios using D–S evidence theory, 35
Musman, 2000, System or security managers adaptive response tool, 56
Noel, 2005, Understanding complex network attack graphs through clustered adjacency matrices, 160, 10.1109/HICSS.2007.601
Papadaki, 2006, Achieving automated intrusion response: a prototype implementation, Inf Manag Comput Secur, 14, 235, 10.1108/09685220610670396
Porras, 1997, EMERALD: event monitoring enabling responses to anomalous live disturbances, Natl Inf Syst Secur Conf, 353
Ragsdale, 2000, Adaptation techniques for intrusion detection and intrusion response system, 2344
Sabhnani, 2003, Formulation of a heuristic rule for misuse and anomaly detection for U2R attacks in Solaris operating system environment, 390
Savage, 2000, Practical network support for IP traceback, 295
Scarfone, 2007
Schnackenberg, 2001, Cooperative intrusion traceback and response architecture (CITRA), 56
Shameli-Sendi, 2012, Intrusion response systems: survey and taxonomy, Int J Comput Sci Netw Secur, 12, 1
Shiravi, 2012, Toward developing a systematic approach to generate benchmark datasets for intrusion detection, Comput Secur, 31, 357, 10.1016/j.cose.2011.12.012
Somayaji, 2000, Automated response using system-call delay, 185
Spathoulas, 2010, Reducing false positives in intrusion detection systems, Comput Secur, 29, 35, 10.1016/j.cose.2009.07.008
Stakhanova, 2007
Stakhanova, 2007, A cost-sensitive model for preemptive intrusion response systems, 428
Stakhanova, 2007, Taxonomy of intrusion response systems, J Inf Comput Secur, 1, 169
Stein, 2005, Decision tree classifier for network intrusion detection with GA-based feature selection, 136, 10.1145/1167253.1167288
Strasburg, 2009, A framework for cost sensitive assessment of intrusion response selection, 355
Strasburg, 2008
Tanachaiwiwat, 2002, Adaptive intrusion response to minimize risk over multiple network attacks, ACM Trans Inf Syst Secur, 1
The Snort Project, 2009
Totel, 2004, A language driven intrusion detection system for event and alert correlation, 209
Toth, 2002, Evaluating the impact of automated intrusion response mechanisms
University of California. KDD Cup 1999 data, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
Wang, 2001, Tracing based active intrusion response, J Inf Warfare, 1, 50
Wang, 2006, Using attack graph for correlating, hypothesizing, and predicting intrusion alerts, Comput Commun, 29, 2917, 10.1016/j.comcom.2006.04.001
Wang, 2008, An attack graph-based probabilistic security metric
Wang, 2013, Exploring attack graph for cost-benefit security hardening: a probabilistic approach, Comput Secur, 32, 158, 10.1016/j.cose.2012.09.013
Wei, 2001, Cost-benefit analysis for network intrusion detection systems
White, 1996, Cooperating security managers: a peer-based intrusion detection system, IEEE Netw, 10, 20, 10.1109/65.484228
Xiao, 2010, A novel data mining-based method for alert reduction and analysis, J Netw, 5, 88
Yusof, 2009
Zhang, 2008, Attack grammar: a new approach to modeling and analyzing network attack sequences, 215
Zhang, 2009, Measuring IDS-estimated attack impacts for rational incident response: a decision theoretic approach, Comput Secur, 28, 605, 10.1016/j.cose.2009.03.005
Zhang, 2011, Toward cost-sensitive self-optimizing anomaly detection and response in autonomic networks, Comput Secur, 30, 525, 10.1016/j.cose.2011.06.002