Author: Natalia Stakhanova
DOI: 10.31274/RTD-180813-16828
Keywords: Software deployment, Intrusion detection system, Anomaly-based intrusion detection system, False positive paradox, Distributed computing, Adaptation (computer science), Component (UML), Host-based intrusion detection system, Computer security, Preemption, Engineering
Abstract: Intrusion detection has been at the center of intense research in the last decade owing to the rapid increase in sophisticated attacks on computer systems. Typically, intrusion detection refers to a variety of techniques for detecting any form of malicious and unauthorized activity. There are three broad categories of approaches: (a) the misuse-based technique, which relies on pre-specified attack signatures; (b) the anomaly-based approach, which typically depends on patterns of normal behavior, classifying any deviation from them as malicious; and (c) the specification-based approach, which, although it operates in a fashion similar to the anomaly-based approach, employs a model of valid program behavior in the form of specifications that require user expertise. When intrusive behavior is detected, it is desirable to take (evasive and/or corrective) actions to thwart it and ensure the safety of the computing environment. Such countermeasures are referred to as intrusion response. Although the response component is often integrated with the Intrusion Detection System (IDS), it receives considerably less attention than the IDS itself, owing to the inherent complexity of developing and deploying it in an automated fashion. As such, triggering a response has traditionally been left, to a high degree, as part of the administrator's responsibility. In this work we present an approach to intrusion response based on monitoring abnormal behavior. The proposed approach effectively combines the advantages of the misuse-based and anomaly-based approaches, recognizing known attacks through signatures and unknown attacks using a machine-learning algorithm. This combination not only allows adaptation to new attack patterns, but also provides a method for the automatic development of specifications. In addition to detection, our framework incorporates a preemptive response. By preemption, we mean that a response is deployed before the monitored pattern has been completely classified as an intrusion. Such early deployment is likely to stop an attack before it can affect the system. However, preemption inherently suffers from false positives; i.e., responses may be deployed that deter the correct execution of a process which merely looks malicious in its initial phase. To reduce false positives, we have developed a multi-phase response selection mechanism based on the evaluation of cost information: the system damage caused by the potential intrusion and by the candidate responses.