基于危险理论的自动入侵响应系统模型

提出了一种基于危险理论的自动入侵响应系统模型(AIRSDT),对网络活动中自体、非自体、免疫细胞、记忆检测器、成熟检测器和未成熟检测器进行了形式化描述,建立了主机和网络实时危险定量计算方程,并根据主机和网络当前所面临攻击的各类攻击和总体网络危险强度,自动调整入侵响应策略。理论分析和实验结果充分表明,模型有助于解决自动入侵响应研究中难以判断真正"危险"的入侵或者攻击行为的问题,降低入侵响应次数和响应综合代价。

Automated intrusion response system model based on danger theory

A novel automated response system model based on the danger theory(AIRSDT) was given.With the descrip-tions of self,non-self,immunocyte,memory detector,mature detector and immature detector of the network transactions,network danger evaluation equations for host and network were built up.Then,the automated response actions were taken or adjusted according to the danger of each network attack,including holistic risk degrees of the host and network.Both the theory analysis and experimental results prove that AIRSDT not only helps to solve the problem that the current automated response models could not detect the ’true’ intrusion or attack action,but also greatly reduces the response times and response cost.