Abstract:
With recent advances in network-based technology and the increased dependence of everyday life on it, assuring the reliable operation of network-based systems is very important. In recent years, the number of attacks on networks has increased dramatically, and interest in network intrusion detection and response has consequently grown among researchers. But while other network security technologies are being widely applied and achieving good results, intrusion detection and response technology is lagging. One reason is that current intrusion detection technology is limited by the detection algorithm itself; the other is that current alert response research does not sufficiently consider the system's incentive and the attacker's changes of strategy. A dynamic intrusion response model based on game theory (DIRBGT) is proposed to solve the second problem. On the one hand, DIRBGT comprehensively accounts for the incentives of both the system and the attacker, so the system's incentive can be assured. On the other hand, it deals well with the attacker's intent and changes of strategy, so the optimal response it produces is stable and reliable, whereas optimal responses inferred from the system alone are unstable. The experimental results show that the DIRBGT model can effectively improve the accuracy and effectiveness of alert response.