Cost-based Intelligent Intrusion Detection and Response: Design and Implement
A flexible intrusion detection and response (ID&R) system needs to maximize security while minimizing cost and responding automatically. This paper proposes CI2D&R, the Cost-based Intelligent Intrusion Detection and Response System, which was originally developed as a facility to deal with network-based attacks and to respond effectively, automatically and intelligently. The networking environment in which CI2D&R is deployed consists of two major parts: Guard, which runs on the specific Guarded Host (GH), and Spy, which runs in the Guarded Network (GN). The components of CI2D&R are introduced; they include intrusion detection, attack classification, damage analysis, attack path rebuilding, resources automatically safeguarding, calamity recovery, and security Officer. The several kinds of data flow in CI2D&R are also discussed. Although CI2D&R is only a prototype, some experimental results are presented.
intrusion detection and response; ID&R; IP traceback; distributed denial-of-service attacks; DDoS; packet-marking traceback
Zhou Shijie, Qin Zhiguang, Luo Xucheng, Zhang Xianfeng, Zhang Feng, Liu Jinde
College of Computer Science and Engineering, University of Electronic Science and Technology of China, Sichuan, Chengdu 610054, P.R. China
International conference
Chengdu
English
166-170
2003-08-27 (date first put online on the Wanfang platform; does not represent the publication date of the paper)