Adaptive Response System based on the Success Likelihood of Ongoing Attacks
01 January 2011
Nowadays, response systems are used jointly with preventive measures to ensure an enhanced security level for a given system. In particular, previous papers focus on balancing the cost of the response with the impact of the attack. However, even if an attack is detected, it may not be able to achieve its objective. In this paper, we present a novel attack response system based on assessing the likelihood of success of attack objectives. First, the ongoing potential attacks are identified, and their success likelihood is calculated dynamically. The success likelihood depends mainly on the progress of the attack and the state of the monitored system. Second, candidate countermeasures are identified, and their effectiveness in reducing the pre-calculated success likelihood is assessed. Finally, the candidate countermeasures are prioritized with respect to their effectiveness.