Intrusion detection
Snort 2.0 Intrusion Detection
Network traffic anomaly detection based on packet bytes
Proceedings of the 2003 ACM symposium on Applied computing
Log Correlation for Intrusion Detection: A Proof of Concept
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
VisFlowConnect: netflow visualizations of link relationships for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Controlling the effects of anomalous ARP behaviour on ethernet networks
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Hi-index | 0.00 |
A suitable strategy for network intrusion tolerance-- detecting intrusions and remedying them--depends on aspects of the domain being protected, such as the kinds of intrusion faced, the resources available for monitoring and remediation, and the level at which automated remediation can be carried out. The decision to remediate autonomically will have to consider the relative costs of performing a potentially disruptive remedy in the wrong circumstances and leaving it up to a slow, but more accurate, human operator. Autonomic remediation also needs to be withdrawn at some point --- a phase of recovery to the normal network state. In this paper, we present a framework for deploying domain-adaptable intrusion-tolerance strategies in heterogeneous networks. Functionality is divided into that which is fixed by the domain and that which should adapt, in order to cope with heterogeneity. The interactions between detection and remediation are considered in order to make a stable recovery decision. We also present a model for combining diverse sources of monitoring to improve accurate decision making, an important pre-requisite to automated remediation.