
Research On Automatic Intrusion Response Decision-making System Based On Clustering

Posted on: 2008-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: J Tian
Full Text: PDF
GTID: 2178360215459808
Subject: Computer application technology
Abstract/Summary:
With the continuous development of the Internet, network intrusion techniques keep improving, and the Internet faces ever greater threats. Many security research organizations and security product vendors have shifted their focus to the research and development of Intrusion Detection Systems (IDS). Intrusion response, however, has always been a difficult part of IDS development, and no product yet has a complete response system. If a system cannot respond to an intrusion in time and take effective action after detecting it, the IDS is of little value. Therefore, as detection technology matures, the emphasis of IDS research will shift to the response mechanism. This paper implements a model of an automatic intrusion response system based on Snort.

Heavy alert duplication, which wastes response time and system resources, is a major weakness of intrusion detection. This paper therefore clusters identical or similar alerts according to the attack classification proposed by MIT Lincoln Laboratory, which effectively reduces the number of repeated alerts and increases response efficiency. It also eliminates immune alerts, that is, real intrusions that cannot harm the target system, using the cost-sensitive model proposed by Wenke Lee.

In making intrusion response decisions, response imminence (urgency) expresses the degree of harm an intrusion can cause. Response imminence, which is determined by both the intrusion and the target system, is a key factor in the response decision unit and an important reference for response decisions. Response decisions and actions are then made automatically by the response processing unit.

Finally, experiments show that the automatic intrusion response system is effective and valuable.
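The pipeline the abstract describes (cluster identical or similar alerts, drop immune alerts with a cost-sensitive rule, score response urgency from the intrusion and the target, choose a response automatically), as an added Python example that is not the thesis's own code. The classtype-to-category mapping, the severity and criticality weights, the per-signature platform table, the 60-second clustering window, the response cost table and the sample alerts are all assumptions constructed for this example, not values taken from the thesis.

```python
# Added example: a toy automatic-response decision pipeline over Snort-style
# alerts. All tables below are assumptions of this example, not thesis data.

# Constructed sample alerts, simplified Snort fields:
# (t_seconds, sid, classtype, src_ip, dst_ip, dst_port)
SAMPLE_ALERTS = [
    (0,  1000, "attempted-recon",        "10.0.0.5", "192.168.1.10", 80),
    (1,  1001, "attempted-recon",        "10.0.0.5", "192.168.1.10", 80),
    (2,  1000, "attempted-recon",        "10.0.0.5", "192.168.1.10", 80),
    (3,  2000, "web-application-attack", "10.0.0.7", "192.168.1.10", 80),
    (4,  3000, "attempted-admin",        "10.0.0.9", "192.168.1.20", 22),
    (70, 1000, "attempted-recon",        "10.0.0.5", "192.168.1.10", 80),
]

# Assumed mapping of Snort classtypes onto the DARPA / Lincoln Laboratory
# categories (probe, dos, r2l, u2r); severity weights (0..1) are assumptions.
CATEGORY = {
    "attempted-recon": "probe",
    "attempted-dos": "dos",
    "web-application-attack": "r2l",
    "attempted-admin": "u2r",
}
SEVERITY = {"probe": 0.2, "dos": 0.6, "r2l": 0.7, "u2r": 1.0}

# Assumed signature knowledge: platforms a signature's attack can harm.
AFFECTS = {1000: {"any"}, 1001: {"any"}, 2000: {"windows"}, 3000: {"linux"}}

# Assumed asset inventory: OS and criticality (0..1) of protected hosts.
ASSETS = {
    "192.168.1.10": {"os": "linux", "criticality": 0.5},
    "192.168.1.20": {"os": "linux", "criticality": 1.0},
}

# Assumed response costs on the same 0..1 scale as damage, cheapest first.
RESPONSES = [("log_and_notify", 0.05), ("tcp_reset", 0.3), ("block_source", 0.6)]
WINDOW = 60  # seconds; same-key alerts inside this window merge into one cluster


def cluster_alerts(alerts, window=WINDOW):
    """Merge alerts sharing (category, src, dst, port) within `window` seconds.

    Different sids of the same category count as 'similar' and join one
    cluster; a cluster remembers how many raw alerts it absorbed."""
    open_clusters, result = {}, []
    for t, sid, classtype, src, dst, port in alerts:
        key = (CATEGORY.get(classtype, "unknown"), src, dst, port)
        c = open_clusters.get(key)
        if c is None or t - c["first"] > window:
            # unseen key, or the previous cluster for it has expired
            c = {"category": key[0], "src": src, "dst": dst, "port": port,
                 "first": t, "last": t, "count": 0, "sids": set()}
            open_clusters[key] = c
            result.append(c)
        c["last"] = t
        c["count"] += 1
        c["sids"].add(sid)
    return result


def target_vulnerable(cluster):
    """True if any signature in the cluster can harm the target's platform.
    Unknown hosts are treated as vulnerable (fail closed)."""
    asset = ASSETS.get(cluster["dst"])
    if asset is None:
        return True
    return any(AFFECTS.get(sid, {"any"}) & {"any", asset["os"]}
               for sid in cluster["sids"])


def response_urgency(cluster):
    """Urgency = attack severity x target criticality; 0 when the target is
    immune, i.e. a real intrusion that cannot harm this host."""
    if not target_vulnerable(cluster):
        return 0.0
    crit = ASSETS.get(cluster["dst"], {"criticality": 1.0})["criticality"]
    return SEVERITY.get(cluster["category"], 0.5) * crit


def choose_response(urgency):
    """Cost-sensitive choice: the most forceful response whose own cost is
    still below the harm it prevents (damage cost > response cost)."""
    chosen = "none"
    for name, cost in RESPONSES:
        if cost < urgency:
            chosen = name
    return chosen


def run_pipeline(alerts):
    """Cluster -> drop immune clusters -> score urgency -> choose response.
    Returns (category, src, dst, count, urgency, response) per cluster."""
    decisions = []
    for c in cluster_alerts(alerts):
        u = response_urgency(c)
        if u == 0.0:
            continue  # immune alert: detected, but harmless to this target
        decisions.append((c["category"], c["src"], c["dst"], c["count"],
                          u, choose_response(u)))
    return decisions


if __name__ == "__main__":
    for d in run_pipeline(SAMPLE_ALERTS):
        print(d)
```

On the sample input the three probe alerts at t=0..2 collapse into one cluster, the alert at t=70 starts a fresh cluster because the window expired, the IIS-style signature against a Linux host is dropped as immune, and the u2r attempt on the critical host is the only cluster whose urgency justifies the most expensive response. The same code handles a dos category and unknown hosts through the fail-closed defaults.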
Keywords/Search Tags:network security, intrusion response, alert clustering, response cost, response imminence