Attack Recognition for System Survivability: A Low-level Approach
Authors
Abstract
This paper extends and builds on previous work that presented a signature-based attack recognition technique. We present general requirements for “survivable attack recognition” and discuss how our approach fits the requirements. Empirical results are given along with an estimate of the measured performance. Other work is reviewed within the context of attack recognition for survivability.
Similar resources
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Probabilistic Validation of Computer System Survivability
There is a growing need for systems whose survivability in a specified use and/or attack environment can be assured with confidence. Many techniques have been proposed to validate individual components (e.g., formal methods) or a system as a whole (e.g., red teaming). However, no single technique can provide the breadth of evidence needed to validate a system with respect to high-level survivab...
Shifting the Focus of Survivability: Back to the Basics
This research introduces a new paradigm to survivability. The philosophy of the approach is to consider a hierarchical solution space, where survivability features for specific attacks are applied at the lowest suitable level. Whereas the hierarchy as a whole is assumed to represent a comprehensive solution, each level is limited in scope to deal with attacks which have specific characteristics. ...
On the Performance of a Survivability Architecture for Networked Computing Systems
This research focuses on the performance and timing behavior of a two level survivability architecture. The lower level of the architecture involves attack analysis based on kernel attack signatures and survivability handlers. Higher level survivability mechanisms are implemented using migratory autonomous agents. The potential for fast response to, and recovery from, malicious attacks is the m...
Low Level Network Attack Recognition: A Signature Based Approach
This research presents a new method for detecting network attacks based on network traffic signatures. The method emphasizes low-level analysis of network traffic, high efficiency, real-time operation, and accurate identification of attacks. Attack recognition is based on the analysis of TCP protocol flags with respect to specific attacks and is characterized by its simplicity. Index Terms: Attack recognition ...