{"title":"迈向入侵响应Intel","authors":"Kieran Hughes, K. Mclaughlin, S. Sezer","doi":"10.1109/CSR51186.2021.9527957","DOIUrl":null,"url":null,"abstract":"Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Towards Intrusion Response Intel\",\"authors\":\"Kieran Hughes, K. Mclaughlin, S. Sezer\",\"doi\":\"10.1109/CSR51186.2021.9527957\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.\",\"PeriodicalId\":253300,\"journal\":{\"name\":\"2021 IEEE International Conference on Cyber Security and Resilience (CSR)\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-07-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Conference on Cyber Security and Resilience (CSR)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSR51186.2021.9527957\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSR51186.2021.9527957","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
