Contextual Fuzzy Cognitive Map for Intrusion Response System

An intrusion response system is charged with minimizing any losses caused by intrusion. It remains ineffective if the response to the intrusion does not bring the timely and adequate corrections required by the victim system. This paper proposes a new intrusion response system based on contextual fuzzy cognitive map. In this intrusion response system framework, a new ontology is defined based upon conceptual graphs in order to describe relationships between different intrusion concepts and recognize suspect connection as an intrusion which belongs to known intrusion class (DOS, PROBING, U2R or R2U). Fuzzy cognitive maps are used to assess the negative impact of an intrusion on the victim system. Specifying appropriate remedies for all damages which are caused by intrusion is considered as main task of intrusion response system. There are two kinds of remedies: direct or indirect remedies, the former is accomplished by acting directly on the victim system but the later is considered as remotely acting on damaged system. The proposed intrusion response system is multilayer system. The first layer is charged with the identification of the intrusion suspect intrusion using conceptual graphs to build a new ontology. The second layer assesses the effect of intrusion on the victim system using a fuzzy cognitive map. The third layer recommends a response in two ways: automatically by acting through a mobile agent, or manually by alerting the appropriate security