An anticipatory reasoning-reacting system for defending against malice anticipatorily

Today, information security of information systems is no longer about confidentiality, integrity and availability, but about ensuring that the systems are predictably dependable in the face of all sorts of malice. Although intrusion detection systems (IDS) make big progress on defending against computing malice, there is still a gap between current IDSs and ideal malice defense systems. On the other hand, anticipatory reasoning-reacting systems (ARRS) were proposed as a high secure system with the ability to defend against malice anticipatorily, however, until now, there is no concrete implementation of ARRS for security, as well as no evidence showing the practical usefulness of anticipatory computing for security. As a step towards to ideal secure systems, we designed and implemented an ARRS for malice defense, which can adapt to different application by configuring different information source, anticipatory model, and anticipatory actions. We also evaluated our system by KDD99 dataset and a case study of web server. This paper proposes what features ideal malice defense systems should have, points out the gap between current IDSs and ideal malice defense systems, shows why some advantages of ARRSs could contribute ideal malice defense systems, and presents and evaluates a practical implementation of ARRS for security.