Active Response to Computer Intrusions

David Dittrich, University of Washington

Kenneth Einar Himma, Seattle Pacific University

Introduction: The Concept of Active Response

Levels of Intrusion Response

Level 0—Unaware

Level 1—Involved

Level 2—Interactive

Level 3—Cooperative

Level 4—Noncooperative

Potential Technical Barriers for Intrusion Response

Volatility of Digital Information

Understanding Attack Methodology

Attribution

Involving Law Enforcement Agencies

Levels of Force: Benign Through Aggressive Responses

Benign

Intermediate

Aggressive

The Ethics of Active Response

Relevant Ethical Principles

An Evidentiary Restriction for Justifiably Acting under Ethical Principles

Evaluating Active Response under the Relevant Ethical Principles

The Inadequacy of Law Enforcement Efforts

The Legality of Active Response

The United States

Canada

The European Union

Legal Analogues of the Defense and Necessity Principles

Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION: THE CONCEPT OF ACTIVE RESPONSE

The active response continuum defines a category of digital response to unauthorized digital intrusions1 and hence falls within a wide spectrum of potential responses by private entities.2 At one end of the spectrum is the wholly passive, unknowing victim who relies entirely on just the inherent capabilities of the software that comes with the computer he or she purchased and who does not know when it is being attacked. At the other is the active, fully engaged victim ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.