Intelligent Automated Intrusion Response System based on fuzzy decision making and risk assessment

The most important aim of Automated Intrusion Response Systems (AIRSs) is to select responses that impose less cost on the protected system and can effectively neutralize the progress of an intrusion. Cost-sensitive AIRSs use different methods to launch efficient responses. In this regard, many papers introduce risk assessment as a component for assessing the danger an intrusion poses to the system. However, most available risk assessment methods produce ambiguous results. Fuzzy logic is known as an effective method for risk assessment, mainly because the fuzzy approach reduces the level of uncertainty of risk factors. To assess risk by fuzzy methods, risk parameters extracted from traffic patterns are used as inputs to the fuzzy systems. The aim of this paper is to introduce an AIRS based on fuzzy risk assessment that evaluates the risk of each intrusion in real time and applies a suitable response to protect web applications. We also introduce a method for applying responses retroactively. The results show the effective performance of the proposed method in terms of cost-sensitivity and time to response.
