Analysis of Response Factors in Intrusion Response Decision-Making

The concept of response factor and its significances are briefly introduced in this paper. The existing response decision-making models and their related response factors are presented. According to the practical meaning of these response factors, their names are unified for the convenience of discussion. The statistics of response factors in typical response decision-making models are made, meanwhile these response factors are classified according to the proposed standards including related feature, subjective and objective feature, and original feature. In order to choose proper factors in response time decision-making and response measure decision-making processes respectively, a taxonomy of response factors is given. In addition, the problems of the improper response factor used in existing response decision-making models are indicated in the paper. The architecture, response decision-making process and experiments of the intrusion detection alert management & intrusion response system (IDAM&IRS) are shown. Especially, response factors used in IDAM&IRS are discussed in detail. The role and function of response factors are summarized at last.