Active Response

Porras and Neumann's EMERALD IDS

P. A. Porras and P. G. Neumann, "EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances," presented at 20th National Information Systems Security Conference, 1997.

Crosbie and Spafford's tech report

M. Crosbie and G. Spafford, "Active Defense of a Computer System Using Autonomous Agents," Purdue University, West Lafayette, IN, Technical Report 95-008, February 1995.

Using sleepy watermark tracing (SWT) to trace the detected intrusion that utilizing stepping stone to disguise its origin in real-time

X. Wang, D. S. Reeves, and S. F. Wu, "Tracing Based Active Intrusion Response," Journal of Information Warfare, vol. 1, 2001.

A good summary of ethical properties in regards to active defense

Host or network protection is not achieved by strengthening their defenses but by weakening the enemy's offensive capabilities. A prototype tool has been implemented that demonstrates that such an approach is feasible and effective

D. Bruschi, C. L., and E. Rosti, "Less Harm, Less Worry or How To Improve Network Security by Bounding System Offensiveness," presented at 16th Annual Computer Security Applications Conference, New Orleans, Louisiana, 2000.

Chris Loomis, in this article attempts to generate discussion regarding response and its problems.

Tim Mullen's presentation at Defcon 2002 regarding strike-back in response to Nimda infections

Dave Dittrich's bibliography of active defense resources on the Internet. Lots of interesting reading

My thesis regarding Active Response.

Sergio Caltagirone, "Active Response," Master's Thesis in Computer Science. Moscow, ID: University of Idaho, 2005, pp. 183.

Department of Defense Dictionary of Military and Associated Terms. Defines 'active defense'