Towards automated incident handling: how to select an appropriate response against a network-based attack?

Sven Ossenbühl, Jessica Steinberger, Harald Baier

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    20 Citations (Scopus)
    196 Downloads (Pure)


    The increasing amount of network-based attacks evolved to one of the top concerns responsible for network infrastructure and service outages. In order to counteract these threats, computer networks are monitored to detect malicious traffic and initiate suitable reactions. However, initiating a suitable reaction is a process of selecting an appropriate response related to the identified network-based attack. The process of selecting a response requires to take into account the economics of an reaction e.g., risks and benefits. The literature describes several response selection models, but they are not widely adopted. In addition, these models and their evaluation are often not reproducible due to closed testing data. In this paper, we introduce a new response selection model, called REASSESS, that allows to mitigate network-based attacks by incorporating an intuitive response selection process that evaluates negative and positive impacts associated with each countermeasure. We compare REASSESS with the response selection models of IE-IRS, ADEPTS, CS-IRS, and TVA and show that REASSESS is able to select the most appropriate response to an attack in consideration of the positive and negative impacts and thus reduces the effects caused by an network-based attack. Further, we show that REASSESS is aligned to the NIST incident life cycle. We expect REASSESS to help organizations to select the most appropriate response measure against a detected network-based attack, and hence contribute to mitigate them.
    Original languageUndefined
    Title of host publicationProceedings of the 9th International Conference on IT Security Incident Management & IT Forensics (IMF 2015)
    Place of PublicationUSA
    PublisherIEEE Computer Society
    Number of pages17
    ISBN (Print)978-1-4799-9902-6
    Publication statusPublished - 18 May 2015
    Event9th International Conference on IT Security Incident Management & IT Forensics, IMF 2015 - Magdeburg, Germany
    Duration: 18 May 201520 May 2015

    Publication series

    PublisherIEEE Computer Society


    Conference9th International Conference on IT Security Incident Management & IT Forensics, IMF 2015
    Other18-20 May 2015


    • EWI-25483
    • METIS-312465
    • IR-96442

    Cite this