The rapid expansion of the Internet of Things and the emergence of edge computing-based applications have led to a new wave of cyber-attacks, with an intensity and complexity never seen before. Historically, most research has focused on Intrusion Detection Systems (IDS); however, due to the volume and speed of this new generation of cyber-attacks, it is no longer sufficient to solely detect attacks and leave the response to security analysts. Consequently, research into Intrusion Response Systems (IRS) is accelerating rapidly. As such, new intrusion response approaches, methods and systems have been investigated, prototyped, and deployed. This paper is intended to provide a comprehensive review of the state of the art of IRSs. Specifically, a taxonomy to characterize the lifecycle of IRSs, ranging from response selection to response deployment and response implementation, is presented. A 10-phase structure to organize the core technical constituents of IRSs is also presented. Following this, an extensive review and analysis of the literature on IRSs published during the past decade is provided, and the reviewed works are further classified into corresponding phases based on the proposed taxonomy and phase structure. This study provides a new way of classifying IRS research, thus offering in-depth insights into the latest discoveries and findings. In addition, through critical analysis and comparison, expert views, guidance and best practices on intrusion response approaches, system development and standardization are presented, upon which future research challenges and directions are postulated.