Automated Intrusion Response Decision Based on the Analytic Hierarchy Process

Traditional intrusion detection systems (IDSs) play an important role in monitoring networks, but they lack the ability to respond to intrusions automatically. With the rapidly increasing complexity and propagation speed of attacks, there is an urgent need for automated intrusion response, and the field has already attracted wide attention. The main obstacle is that accurately measuring the factors that bear on a response decision is difficult. Because the analytic hierarchy process (AHP) compares those influencing factors pairwise, it avoids the problem of accurate quantification. This paper presents a response decision method based on the AHP and describes in detail how the hierarchy is built, the criteria are selected, the matrices are constructed, and the weights are calculated. Empirical experiments show that our method is practicable.
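
The AHP step the abstract describes, turning pairwise comparisons into weights and checking that the judgments are consistent, can be sketched as follows. This is an added example, not code from the paper: the three criteria, the three response options and all judgment values are hypothetical, since the paper's own hierarchy and matrices are not reproduced on this page.

```python
# Added example, not the paper's code; criteria, options and judgments are constructed.

# Saaty's random consistency index for matrix orders 3 to 9.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

def pairwise_matrix(n, upper):
    """Build a reciprocal matrix from upper-triangle judgments {(i, j): a_ij}."""
    m = [[1.0] * n for _ in range(n)]
    for (i, j), v in upper.items():
        m[i][j], m[j][i] = float(v), 1.0 / v
    return m

def ahp_weights(m, iters=500, tol=1e-12):
    """Principal eigenvector by power iteration; returns (weights, lambda_max)."""
    n = len(m)
    w = [1.0 / n] * n
    for _ in range(iters):
        nxt = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(nxt)
        nxt = [x / total for x in nxt]
        delta = max(abs(a - b) for a, b in zip(nxt, w))
        w = nxt
        if delta < tol:
            break
    aw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    return w, sum(aw[i] / w[i] for i in range(n)) / n

def consistency_ratio(lambda_max, n):
    """CR = CI / RI; judgments are usually accepted when CR < 0.1."""
    if n < 3:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    return ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]

def rank_responses(criteria_weights, local_scores):
    """Weighted sum of each option's per-criterion scores, best first."""
    totals = {r: sum(c * s for c, s in zip(criteria_weights, v))
              for r, v in local_scores.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

# Hypothetical criteria: 0 = attack severity, 1 = response cost, 2 = alert confidence.
CRITERIA = pairwise_matrix(3, {(0, 1): 3, (0, 2): 5, (1, 2): 2})
# Hypothetical per-criterion scores (in full AHP these come from their own matrices).
OPTIONS = {"isolate_host": [0.6, 0.1, 0.1],
           "block_source": [0.3, 0.3, 0.3],
           "alert_only":   [0.1, 0.6, 0.6]}

if __name__ == "__main__":
    weights, lam = ahp_weights(CRITERIA)
    print(weights, consistency_ratio(lam, 3), rank_responses(weights, OPTIONS))
```

A consistency ratio above 0.1 means the pairwise judgments contradict each other and should be revised before the weights drive any automated response.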
