Active Response

Porras and Neumann's EMERALD IDS

P. A. Porras and P. G. Neumann, "EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances," presented at 20th National Information Systems Security Conference, 1997.

Crosbie and Spafford's tech report

M. Crosbie and G. Spafford, "Active Defense of a Computer System Using Autonomous Agents," Purdue University, West Lafayette, IN, Technical Report 95-008, February 1995.

Using sleepy watermark tracing (SWT) to trace the detected intrusion that utilizing stepping stone to disguise its origin in real-time

X. Wang, D. S. Reeves, and S. F. Wu, "Tracing Based Active Intrusion Response," Journal of Information Warfare, vol. 1, 2001.

A method to dynamically alter the exposure of a host to contain an intrusion when it occurs

A. Gehani and G. Kedem, "RheoStat: Real-time Risk Management," presented at 7th International Symposium, RAID 2004, Sophia Antipolis, France, 2004.

Article on Symbiot's IDS

ABSTRACT: In this paper we present a tool designed to intercept attacks at the host where they are launched so as to block them before they reach their targets. The tool works both for attacks targeted on the local host and on hosts connected to the network

D. Bruschi and E. Rosti, "AngeL: A Tool To Disarm Computer Systems," presented at 2001 Workshop on New Security Paradigms, Cloudcroft, New Mexico, 2001.

Response article to Symbiot Inc.'s new IDS that can respond