| Title | Towards Intrusion Response Intel |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Hughes, Kieran, McLaughlin, Kieran, Sezer, Sakir |
| Conference Name | 2021 IEEE International Conference on Cyber Security and Resilience (CSR) |
| Date Published | jul |
| Keywords | Automated Secure Software Engineering, composability, Conferences, Intel, intrusion, Intrusion detection, IRS, Knowledge engineering, Natural languages, Network security, NIST, pubcrawl, resilience, Resiliency, Response, Threat, Tools |
| Abstract | Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed. |
| DOI | 10.1109/CSR51186.2021.9527957 |
| Citation Key | hughes_towards_2021 |
Towards Intrusion Response Intel