An Intrusion Response Decision-Making Model Based on Hierarchical Task Network Planning
An intrusion response decision-making model based on hierarchical task network (HTN) planning is presented in the paper. Compared with other response decision-making models, the response decision-making model consists of not only the response measure decision-making process but also response time de...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2010
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/1326 http://dx.doi.org/10.1016/j.eswa.2009.07.079 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-2325 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-23252011-02-22T01:30:19Z An Intrusion Response Decision-Making Model Based on Hierarchical Task Network Planning MU, Chengpo LI, Yingjiu An intrusion response decision-making model based on hierarchical task network (HTN) planning is presented in the paper. Compared with other response decision-making models, the response decision-making model consists of not only the response measure decision-making process but also response time decision-making process that is firstly proposed in the paper. The response time decision-making model is able to determine response time for different response HTN subtasks. Owing to the introduction of the response time decision-making, the intrusion response system can apply different response strategies to achieve different response goals set by administrators. The proposed response measure decision-making model can optimize a response plan by balancing the response effectiveness and the response negative impact in both a single response measure and a set of response measures. The response decision-making model is self-adaptive and has the ability of tolerating to false positive IDS alerts. The proposed model has been used in the intrusion detection alert management and intrusion response system (IDAM&IRS) developed by us. The functions and architecture of IDAM&IRS are introduced in this paper. In addition, the intrusion response experiments of IDAM&IRS are presented, and the features of the response decision-making model are summarized. 2010-01-01T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/1326 info:doi/10.1016/j.eswa.2009.07.079 http://dx.doi.org/10.1016/j.eswa.2009.07.079 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Automated intrusion response system Hierarchical task network planning Intrusion response decision-making Intrusion detection Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Automated intrusion response system Hierarchical task network planning Intrusion response decision-making Intrusion detection Information Security |
| spellingShingle |
Automated intrusion response system Hierarchical task network planning Intrusion response decision-making Intrusion detection Information Security MU, Chengpo LI, Yingjiu An Intrusion Response Decision-Making Model Based on Hierarchical Task Network Planning |
| description |
An intrusion response decision-making model based on hierarchical task network (HTN) planning is presented in the paper. Compared with other response decision-making models, the response decision-making model consists of not only the response measure decision-making process but also response time decision-making process that is firstly proposed in the paper. The response time decision-making model is able to determine response time for different response HTN subtasks. Owing to the introduction of the response time decision-making, the intrusion response system can apply different response strategies to achieve different response goals set by administrators. The proposed response measure decision-making model can optimize a response plan by balancing the response effectiveness and the response negative impact in both a single response measure and a set of response measures. The response decision-making model is self-adaptive and has the ability of tolerating to false positive IDS alerts. The proposed model has been used in the intrusion detection alert management and intrusion response system (IDAM&IRS) developed by us. The functions and architecture of IDAM&IRS are introduced in this paper. In addition, the intrusion response experiments of IDAM&IRS are presented, and the features of the response decision-making model are summarized. |
| format |
text |
| author |
MU, Chengpo LI, Yingjiu |
| author_facet |
MU, Chengpo LI, Yingjiu |
| author_sort |
MU, Chengpo |
| title |
An Intrusion Response Decision-Making Model Based on Hierarchical Task Network Planning |
| title_short |
An Intrusion Response Decision-Making Model Based on Hierarchical Task Network Planning |
| title_full |
An Intrusion Response Decision-Making Model Based on Hierarchical Task Network Planning |
| title_fullStr |
An Intrusion Response Decision-Making Model Based on Hierarchical Task Network Planning |
| title_full_unstemmed |
An Intrusion Response Decision-Making Model Based on Hierarchical Task Network Planning |
| title_sort |
intrusion response decision-making model based on hierarchical task network planning |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2010 |
| url |
https://ink.library.smu.edu.sg/sis_research/1326 http://dx.doi.org/10.1016/j.eswa.2009.07.079 |
| _version_ |
1770570966933438464 |