Research On The Cost-Based Adaptive Intrusion Response System

With fast development and popularity of internet, not only is the number of intrusion in the net larger and larger, but also are the intrusion means more and more complex. The intrusion response system becomes very important. Now, intrusion response is mainly carried out in the intrusion detection system, and the response means is mainly manual response, so the capability of response is limited. To responding intrusion fast and timely, many automatic response technology is on the research for the intrusion response.Adaptive technology is one of the important automatic intrusion response technologies. It can deal with many uncertain factors, automatically adjust intrusion tactics. It is also the base of other automatic intrusion response technologies. The paper is researching on adaptive intrusion response technologies. The primary work is as follows:First, the cost evaluate definition which can be used in intrusion response system is presented. Considering the problem of cost evaluates in the intrusion response system, analyses the theory of cost evaluates, the paper expatiates a new cost evaluate definition which is more universal. The rules could evaluate many different intrusions' damage cost and response cost.Second, the cost-sensitive based adaptive intrusion response system is designed. Considering the problem of responding the intrusion regardless the cost in the intrusion response system, the paper improves on the former system, presents the cost based adaptive intrusion response system model, and adds cost-sensitive model. The system applies the cost evaluation definition, evaluates damage cost and response cost, and decides if or not responding based on the result of compares the two costs. So some unnecessary resource waste is avoided, and the finite resource can be made use of effectively.Finally, the paper carried out the system model in Java language as the application of the research, simulates intrusion incidents attacking the system. Bye summarizing various factors' capabilities and anglicizing the shortage in the system, the paper provide the development direction and precious experience for the further research.