Dynamic Optimal Countermeasure Selection for Intrusion Response System

Designing an efficient defense framework is challenging with respect to a network's complexity, widespread sophisticated attacks, attackers' ability, and the diversity of security appliances. The Intrusion Response System (IRS) is intended to respond automatically to incidents by attuning the attack damage and countermeasure costs. The existing approaches inherit some limitations, such as using static countermeasure effectiveness, static countermeasure deployment cost, or neglecting the countermeasures' negative impact on service quality (QoS). These limitations may lead the IRS to select inappropriate countermeasures and deployment locations, which in turn may reduce network performance and disconnect legitimate users. In this paper, we propose a dynamic defense framework that selects an optimal countermeasure against different attack damage costs. To measure the attack damage cost, we propose a novel defense-centric model based on a service dependency graph. To select the optimal countermeasure dynamically, we formulate the problem at hand using a multi-objective optimization concept that maximizes the security benefit, minimizes the negative impact on users and services, and minimizes the security deployment cost with respect to the attack damage cost.