Adaptation techniques for intrusion detection and intrusion response systems

摘要

The paper examines techniques for providing adaptation in intrusion detection and intrusion response systems. As attacks on computer systems are becoming increasingly numerous and sophisticated, there is a growing need for intrusion detection and response systems to dynamically adapt to better detect and respond to attacks. The Adaptive Hierarchical Agent-based Intrusion Detection System (AHA! IDS) provides detection adaptation by adjusting the amount of system resources devoted to the task of detecting intrusive activities. This is accomplished by dynamically invoking new combinations of lower level detection agents in response to changing circumstances and by adjusting the confidence associated with these lower-level agents. The Adaptive Agent-based Intrusion Response System (AAIRS) provides response adaptation by weighting those responses that have been successful in the past over those techniques that have not been as successful. As a result, the more successful responses are used more often than the less successful techniques. It also adapts responses based on the system's belief that intrusion detection reports are valid. Intuitively, adaptive detection and response systems will provide more robust protection than static, non-adaptive systems.