A Pragmatic Approach to Intrusion Response Metrics

The arms race between cyber attackers and defenders has evolved to the point where an effective counter-measure strategy requires the use of an automated, distributed, and coordinated response. A key difficulty in achieving this goal lies in providing reliable measures by which to select appropriate responses to a wide variety of potential intrusions in a diverse population of network environments. In this chapter, the authors provide an analysis of the current state of automated intrusion response metrics from a pragmatic perspective. This analysis includes a review of the current state of the art as well as descriptions of the steps required to implement current work in production environments. The authors also discuss the research gaps that must be filled to improve security professionals' ability to implement an automated intrusion response capability.