The rapid expansion of the Internet of Things and the emergence of edge computing-based applications has led to a new wave of cyber-attacks, with intensity and complexity that has never been seen before. Historically most research has focused on Intrusion Detection Systems (IDS), however due to the volume and speed of this new generation of cyber-attacks it is no longer sufficient to solely detect attacks and leave the response to security analysts. Consequently, research into Intrusion Response Systems (IRS) is accelerating rapidly. As such, new intrusion response approaches, methods and systems have been investigated, prototyped, and deployed. This paper is intended to provide a comprehensive review of the state of the art of IRSs. Specifically, a taxonomy to characterize the lifecycle of IRSs ranging from response selection to response deployment and response implementation is presented. A 10-phase structure to organize the core technical constituents of IRSs is also presented. Following this, an extensive review and analysis of the literature on IRSs published during the past decade is provided, and further classifies them into corresponding phases based on the proposed taxonomy and phase structure. This study provides a new way of classifying IRS research, thus offering in-depth insights into the latest discoveries and findings. In addition, through critical analysis and comparison, expert views, guidance and best practices on intrusion response approaches, system development and standardization are presented, upon which future research challenges and directions are postulated.

翻译：物联网的快速扩展以及基于边缘计算应用的兴起，引发了一波前所未有、强度与复杂度兼具的网络攻击浪潮。历史上，多数研究聚焦于入侵检测系统（IDS），然而，由于新一代网络攻击的规模与速度，仅靠检测攻击并将响应工作留给安全分析师已不再足够。因此，针对入侵响应系统（IRS）的研究正在快速加速。为此，新的入侵响应方法、技术与系统已被研究、原型化并部署。本文旨在对IRS领域的最新进展进行全面综述。具体而言，本文提出了一种用于刻画IRS生命周期（从响应选择到响应部署与实施）的分类体系，并构建了一个包含十个阶段的框架来组织IRS的核心技术组成部分。在此基础上，本文对过去十年间发表的IRS相关文献进行了广泛回顾与分析，并根据所提出的分类体系和阶段结构将其归入相应阶段。本研究提供了一种新的IRS研究分类方式，从而深入洞察最新发现与成果。此外，通过批判性分析与比较，本文提出了关于入侵响应方法、系统开发及标准化的专家观点、指导原则与最佳实践，并据此推断了未来的研究挑战与方向。