Intelligent Automated Intrusion Response System based on Fuzzy Decision Making and Risk Assessment

The most important aim of Automated Intrusion Response Systems (AIRSs) is selecting responses that impose less cost on the protected system and which are able to neutralize intrusions progress effectively. Cost-sensitive AIRSs use different methods to launch efficient responses. In this regard, risk assessment as a component for assessing intrusion danger on the system is introduced in many papers. However, most available risk assessment methods produce ambiguous results. Fuzzy logic is known as an effective method to be used in the process of risk assessment. This is mainly because fuzzy approach reduces the level of uncertainty of risk factors. To assess risk by fuzzy methods, risk parameters which are extracted from the traffic patterns are used as inputs of fuzzy systems. The aim of this paper is to introduce an AIRS based on fuzzy risk assessment to evaluate the risk of each intrusion in real time and apply a suitable response for protecting web applications. We also introduce a method for applying responses retroactively. The results of applied method show the effective performance of the proposed method in terms of cost-sensitivity and time to response.