Research Of Intrusion Detection Forecast Module Based On Replicator Dynamics

With the continuous development and the popularity of computer networks, Intrusions has significantly being increasing, and the types of attacks also become more and more complicated, which make intrusion detection system(IDS) for the protection of the system particularly important. Intrusion Response is one of the most important components in IDS. However, the effectiveness of the responses is limited because most of them are handled in a manual way. In order to respond quickly and correctly, scientists has studies a variety of automatic response technologies.Adaptive response technology is one of the most important technologies in automatic IDS, which can handle uncertain factors, automatically adjust response strategy, while at the same time, is the basis for any other automatic response technologies. This paper is researching IDS with adaptive response. Main works are as followings:First, based on Evolution Game Theory, a forecast mode that can be used in IDS is proposed. After considering the cost and avenue of the players, with the theory of replicator dynamics, we modulate the dynamics changes between the IDS and Intruders'group with different rates of strategies, and forecast the trend of the use of strategies in the long time under current situation. With the help of the trend of the forecast, IDS can do intelligent analysis, adaptively respond and modify its strategy, to effectively defend the attacker.Then in order to verify the correctness of the results of these studies, DARPA data from MIT Lincoln Lab is used to modulate the forecast module in Swarm. The results of the modulation prove the correctness and feasibility of the forecast module.At last, a new architecture based on IDS forecast module is set up, which takes the cost problems into consideration. The new architecture mainly adds forecast analysis module, improves response module. It uses the forecast method on a basis of replicator dynamics, to analyze the avenue of both sides and forecast the trend of their behaviors. With the results of the analysis, it can modify its strategies to make full use of limited resource in systems.