Abstract

We present a method for autonomic intrusion detection and response to optimize processes of cybersecurity in large distributed systems. These environments are characterized by technology fragmentation and complex operations making them highly susceptible to attacks like hijacking, man-in-the-middle, denial-of-service, phishing, and others. The autonomic intrusion response system introduces models of operational analysis and reaction based on the combination of autonomic computing and big data. We implemented a proof-of-concept and executed experiments that demonstrate significant improvement in effectiveness and scalability of the method in complex environments.