Self-Healing Intrusion Detection System Concept

摘要

One of the most important open research questions in cyber security is the ability of the system to intelligently detect new previously unseen threats, and react to them in such a way that minimizes the damage and potentially removes the threat altogether. This paper presents a concept of an intrusion detection system based on anomaly detection and danger signals recognition. The system monitors events in the environment, constructs patterns of event sequences, and finds strange and anomalous patterns. If any dangerous symptoms are detected in the environment, the system matches them to the timeline of events and finds a pattern that may have caused the symptoms. It then triggers the defence mechanism and notifies other instances of the system about dangerous event sequences.