An autonomous security management system that aims to detect, analyze, and react to attacks in an automated fashion is the focus of this paper.
To accomplish this, the authors use a variety of sensors. An anomaly-based intrusion detection system (IDS) monitors parameters such as central processing unit (CPU) load, memory, and network statistics to detect previously unknown attacks, while a traditional signature-based IDS checks for attacks that do not have a noticeable impact on performance. Furthermore, the system uses a future exploits forecaster running an autoregressive integrated moving average (ARIMA) model to predict the future state of the system based on environmental parameters, system state, security parameters, and control inputs. Suspicious flows are routed to a virtual machine called the “front VM” where their effects can be studied to determine whether the flow is malicious. When an attack is identified, the system selects and deploys possible defensive measures using a multiobjective analysis controller (MAC).
The measures include common controls such as intrusion prevention systems, packet filtering, and server replication/scaling, but more drastic measures such as server disconnection or shutdown are available if the need arises. To select the appropriate reaction to a given threat, the MAC uses criteria such as execution speed, packet rate recovery, and CPU utilization recovery to rank alternatives.
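The detection-to-reaction loop described above, as an added illustration that is not the paper's own code: a simple anomaly detector over host telemetry (CPU, memory, packet rate) flags a departure from a learned baseline, a crude classifier names the attack class from the dominant metric, and a weighted multi-criteria ranking in the spirit of the MAC scores candidate measures on the three criteria the paper names (execution speed, packet rate recovery, CPU utilisation recovery), unlocking drastic measures only when the anomaly is severe. All telemetry, measure names, effectiveness figures, weights and thresholds are constructed assumptions; the paper's ARIMA forecaster is not modelled.

```python
"""Added example (not from the paper): anomaly detection feeding a
multi-criteria choice of defensive reaction. Sample values are constructed."""
from dataclasses import dataclass
from statistics import mean, pstdev

METRICS = ("cpu", "mem", "pps")
# Constructed baseline telemetry under normal load: (cpu %, mem %, packets/s)
BASELINE = [
    (22, 41, 1200), (25, 40, 1350), (20, 42, 1100), (24, 43, 1280),
    (23, 41, 1220), (21, 42, 1190), (26, 44, 1400), (22, 43, 1250),
]
# Assumed relative priorities for the three criteria the paper names.
WEIGHTS = {"speed": 0.3, "pps": 0.4, "cpu": 0.3}


def baseline_stats(samples):
    """Per-metric mean and population std-dev learned from normal operation."""
    cols = list(zip(*samples))
    return {m: (mean(c), pstdev(c)) for m, c in zip(METRICS, cols)}


def anomaly_scores(sample, stats):
    """z-score of each metric against the baseline (anomaly-based IDS view)."""
    return {m: (v - stats[m][0]) / stats[m][1] for m, v in zip(METRICS, sample)}


def is_anomalous(sample, stats, threshold=3.0):
    """Flag the sample if any metric drifts more than `threshold` sigmas."""
    return any(abs(z) > threshold for z in anomaly_scores(sample, stats).values())


def classify_attack(z):
    """Assumed heuristic: the dominant anomalous metric names the attack class."""
    dominant = max(z, key=lambda m: abs(z[m]))
    return {"pps": "udp_flood", "mem": "memory_exhaustion"}.get(dominant, "unknown")


@dataclass
class Measure:
    name: str
    exec_time_s: float            # time to deploy; lower is better
    effect: dict                  # attack class -> (pps recovery, cpu recovery) in [0, 1]
    drastic: bool = False         # disconnection/shutdown: only when the need arises


# Constructed candidate reactions with assumed per-attack effectiveness.
MEASURES = [
    Measure("ips_rule", 2.0, {"udp_flood": (0.7, 0.6), "memory_exhaustion": (0.2, 0.3)}),
    Measure("packet_filter", 1.0, {"udp_flood": (0.9, 0.8), "memory_exhaustion": (0.1, 0.1)}),
    Measure("scale_out", 30.0, {"udp_flood": (0.6, 0.9), "memory_exhaustion": (0.9, 0.9)}),
    # Disconnecting stops the attack but restores no legitimate packet rate.
    Measure("disconnect", 0.5, {"udp_flood": (0.0, 1.0), "memory_exhaustion": (0.0, 1.0)},
            drastic=True),
]


def rank_measures(measures, attack, weights, allow_drastic=False):
    """Weighted-sum ranking; execution time is normalised to [0, 1] across the
    candidate set so a weight expresses relative priority, not raw seconds."""
    cands = [m for m in measures if allow_drastic or not m.drastic]
    t_max = max(m.exec_time_s for m in cands)
    t_min = min(m.exec_time_s for m in cands)

    def speed_score(t):
        return 1.0 if t_max == t_min else (t_max - t) / (t_max - t_min)

    scored = []
    for m in cands:
        pps_rec, cpu_rec = m.effect.get(attack, (0.0, 0.0))
        score = (weights["speed"] * speed_score(m.exec_time_s)
                 + weights["pps"] * pps_rec
                 + weights["cpu"] * cpu_rec)
        scored.append((round(score, 4), m.name))
    return sorted(scored, reverse=True)


def choose_reaction(sample, stats, weights, severity_threshold=6.0):
    """Return the best-ranked measure for an anomalous sample, or None if the
    sample looks normal. Drastic measures are admitted only for severe anomalies."""
    z = anomaly_scores(sample, stats)
    if not any(abs(v) > 3.0 for v in z.values()):
        return None
    severe = max(abs(v) for v in z.values()) > severity_threshold
    ranked = rank_measures(MEASURES, classify_attack(z), weights, allow_drastic=severe)
    return ranked[0][1]


if __name__ == "__main__":
    stats = baseline_stats(BASELINE)
    for sample in [(23, 42, 1240), (85, 45, 20000), (40, 97, 1300)]:
        print(sample, "->", choose_reaction(sample, stats, WEIGHTS))
```

With these constructed figures a flood-like sample (high packet rate and CPU) selects the packet filter, a memory-exhaustion sample selects scaling out, and a sample inside the baseline yields no reaction; the disconnect option enters the ranking only for severe anomalies and still loses on packet rate recovery, which is the intended trade-off.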
Evaluation of the autonomous system using user datagram protocol (UDP) floods, simple SQL injection (detected by a signature-based IDS), and memory exhaustion attacks shows that, although the protection time is not yet ideal, the system reacts appropriately to these situations.
The proposed system might work well to defend against denial of service attacks because the filter can be specifically adapted to the traffic pattern. Other attacks (such as attacks on web-based content management systems) might be missed if a signature is not yet available and no other anomalies, such as high system load, are present.