• DocumentCode
    3050472
  • Title

    NAIR: A novel automated intrusion response system based on decision making approach

  • Author

    Zan, Xin ; Gao, Feng ; Han, Jiuqiang ; Liu, Xiaoyong ; Zhou, Jiaping

  • Author_Institution
    Dept. of Autom., Xi'an Jiaotong Univ., Xi'an, China
  • fYear
    2010
  • fDate
    20-23 June 2010
  • Firstpage
    543
  • Lastpage
    548
  • Abstract
    In recent years, automated intrusion response has become a promising research problem in network security. Several approaches have been proposed to perform an effective automated response policy. However, these approaches have some limitations, i.e., heavily depending on attack alerts and not taking into account the uncertainty of system runtime state. In this paper, we present a comprehensive sequential decision-making based automated intrusion response approach. We utilize different decision approaches and models to respectively represent and reason about attack activities and system runtime state in view of their different dynamic nature. We perform some experiments to validate the proposed approach, and the results show that our approach has good performance in response accuracy to different attack scenarios and robustness against false alerts.
  • Keywords
    decision making; security of data; NAIR; decision making approach; network security; novel automated intrusion response system; Automation; Cost function; Decision making; Engines; Game theory; Hidden Markov models; Intrusion detection; Robustness; Security; Uncertainty; HMM; POMDP; automated intrusion response; component; cost function analysis;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information and Automation (ICIA), 2010 IEEE International Conference on
  • Conference_Location
    Harbin
  • Print_ISBN
    978-1-4244-5701-4
  • Type

    conf

  • DOI
    10.1109/ICINFA.2010.5512396
  • Filename
    5512396