Nowadays, from information security perspective, detection methods are not enough solely. Intrusion Detection and Response Systems (IDRS), as a proactive solution, continuously monitor system health based on Intrusion Detection System (IDS) alerts, so that malicious activities can be handled effectively by applying appropriate countermeasures to prevent problems from worsening and return the system to a healthy state. In this paper, a novel IDRS is proposed which processes the generated alerts in real time, correlates the alerts, calculates the risk of correlated alerts and models the attack scenarios and their countermeasures using the concept of Bayesian decision networks (BDNs). The proposed framework has two modes: online and offline. In the offline mode, a BDN model is constructed. Then, in the online mode, using the generated BDN, the next probable intentions of attackers are predicted and the optimal sets of countermeasures are identified to prevent the attackers reaching their goals. The experimental results show that the proposed method effectively improves the security level of computer systems in terms of forecasting the multi-step attacks before they can compromise the network and determining the optimal security risk mitigation plans to prevent damages to the organizations assets

Keywords