Evaluating and enforcing policies in large-scale networks is one of the most challenging and significant problems facing the network security community today. Current solutions are limited by an out-of-date allow/deny paradigm, and policies are evaluated synchronously and independently at each service. This makes it difficult to detect or defend against multi-stage attacks, or attacks which begin as innocent requests and then later exhibit malicious behavior in the same context. In this paper we describe Arachne, a prototype for asynchronous policy evaluation. We evaluate the system by testing it against pre-recorded traffic containing known and unknown attacks and show that it is capable of processing events at more than 10x the required rate for a deployed, heavily-used network.