A foresight model for intrusion response management

摘要

Intrusion response system (IRS) is one of the most important components in the network security solution that selects appropriate countermeasures to handle the intrusion alerts. Recently, many techniques have been proposed in designing an automated IRS. However, one of the big challenges in intrusion response system which is not considered in the literature is the lack of standardization for intrusion responses. So, this paper investigates how to model and manage the intrusion responses. We present a multilevel response model that provides a high-level view of intrusion responses. We also propose a foresight model to estimate the response cost by considering IDS alerts, network dependencies, attack damage, response impact, and probability of potential attacks. Furthermore, a data model is defined to represent and exchange the intrusion response messages with a standard format.