A Study On Intrusion Response Decision Technology Based On Risk

Posted on: 2007-10-29
Degree: Master
Type: Thesis
Country: China
Candidate: F Yan
GTID: 2178360212992633
Subject: Computer application technology

Abstract/Summary:
With the development of the Internet, we face severe network security problems while benefiting from the great opportunities of the information revolution. People have developed a number of security technologies and mechanisms to strengthen the security of computer networks. Among these technologies, the AIRS (Automated Intrusion Response System) is an important tool for protecting the network within the network security system. It can respond to intrusion events immediately after detecting them, in order to reduce the damage of a network attack to a minimum.

To deal with a variety of complex intrusion events and network environments, a scientific and reasonable response decision mechanism is critical to the success of an AIRS. Based on an in-depth analysis of the architecture and decision policies of existing AIRSs, a new response decision model is introduced in this paper. Our research has achieved the following results:

1. Introducing a risk assessment model into our AIRS, treating risk as a key factor in the response decision process.
2. Introducing response goals into our AIRS, taking different measures according to different goals.
3. Considering both the effectiveness and the negative impact of response measures together in the response decision process.
4. Implementing a degree of self-adaptation in our AIRS, which can adjust the response plan according to changes in risk.
5. Designing and implementing a risk-based AIRS. Experiments demonstrated that the system could respond to attack events immediately and reasonably and reduce the risk of intrusion, so it has achieved our design goal.

This paper first introduces the model structure, general features and classifications of IDS and IRS, then describes in detail the risk-based intrusion response decision technology, which is the key content of this paper. The emphasis is on the two core modules of the system: the risk assessment module and the response decision module. Finally, the experimental results on the system are presented.
Keywords/Search Tags:Network Security, Intrusion Detection, Automated Intrusion Response, Alert Session, Risk Assessment, Response Decision