Jahnke, MarkoThul, ChristianMartini, PeterAlkassar, AmmarSiekmann, Jörg2019-04-032019-04-032008978-3-88579-222-2https://dl.gi.de/handle/20.500.12116/21491This contribution presents a comparison of metrics used in different ap- proaches for selecting appropriate intrusion response measures in the case of attacks against computer systems and networks. Most of the work is focused on Denial-of- Service (DoS) attacks. Besides an overview on the techniques and frameworks known from earlier and recent literature, an alternative approach is presented which models the effects of attacks and according response actions in a dynamic fashion, using directed graphs. Certain properties of the graphs are utilized to quantify different response metrics, closely aligned to the pragmatic view of a network security officer. Subsequently, the different metrics are compared and their advantages and disadvantages are discussed in the light of applicability in real-world networks.enText/Conference Paper1617-5468