Today's security communities face a daunting challenge: how to protect the Internet from new, unknown zero-day worms. Because they are novel, these worms are hard to stop with traditional security mechanisms. Therefore, instead of trying to prevent the intrusion of every such threat, this paper proposes a new system architecture, named Virtual Machine based Intrusion Tolerance Network (VMITN), which tolerates a new worm attack until administrators remove the vulnerability leveraged by the worm. The VMITN adopts a rough-set based recognition mechanism to detect zero-day worms and a virtual machine based overlay network to mitigate attacks. We have implemented a proof-of-concept prototype system and used NS-2 simulations to study the performance of the VMITN in a large-scale network. The behavior of the well-known Witty worm is simulated within the NS-2 module, and the simulation results show that our VMITN architecture can provide reliability and survivability under severe worm attacks.