NAIR: A Novel Automated Intrusion Response System based on Decision Making Approach
In recent years, automated intrusion response has become a promising research problem in network security. Several approaches have been proposed to perform an effective automated response policy. However, these approaches have some limitations, i.e., heavily depending on attack alerts and not taking into account the uncertainty of the system runtime state. In this paper, we present a comprehensive automated intrusion response approach based on sequential decision-making. We utilize different decision approaches and models to respectively represent and reason about attack activities and system runtime state in view of their different dynamic nature. We perform some experiments to validate the proposed approach, and the results show that our approach has good performance in response accuracy to different attack scenarios and robustness against false alerts.
component; automated intrusion response; POMDP; HMM; cost function analysis
Xin Zan, Feng Gao, Jiuqiang Han, Xiaoyong Liu, Jiaping Zhou
Department of Automation, Xi'an Jiaotong University, Xi'an, Shaanxi Province, P.R. China
International conference
2010 IEEE International Conference on Information and Automation (ICIA 2010)
Harbin
English
1-6
2010-06-20 (date first posted online on the Wanfang platform; this does not represent the paper's publication date)