Analysis of response factors in intrusion response decision-making

According to the practical meaning of these response factors, their names are unified for the convenience of discussion. The statistics of response factors in typical response decision-making models is made, meanwhile these response factors are classified according to the proposed standards including the relationship, the subjective and the objective feature, and the origin. In order to choose proper factors in response time decision-making and response measure decision-making processes respectively, a taxonomy of response factors is given. In addition, the problem of the improper response factor used in existing response decision-making models is indicated in the paper. The architecture, response decision-making process and experiments of the intrusion detection alert management & intrusion response system (IDAM&IRS) developed by the authors are shown. Especially, response factors used in IDAM&IRS are discussed in detail. The role and function of response factors are summarized at last.