On the design of an global intrusion tolerance network architecture against the internet catastrophes

Authors:
Wen-Chen Sun;Yi-Ming Chen
Affiliations:
Department of Information Management, National Central University, No. 300, Jhongda Road, Jhongli City, Taoyuan County 320, Taiwan, ROC;Department of Information Management, National Central University, No. 300, Jhongda Road, Jhongli City, Taoyuan County 320, Taiwan, ROC
Venue:
Journal of Systems and Software
Year:
2009

Citing 29
Cited 0

Uniform crossover in genetic algorithms

Proceedings of the third international conference on Genetic algorithms
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Monitoring and early warning for internet worms

Proceedings of the 10th ACM conference on Computer and communications security
Consensus in byzantine asynchronous systems

Journal of Discrete Algorithms
A Qualitative Analysis of the Intrusion-Tolerance Capabilities of the MAFTIA Architecture

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing
Towards automatic monitoring of component-based software systems

Journal of Systems and Software - Special issue: Automated component-based software engineering
Polygraph: Automatically Generating Signatures for Polymorphic Worms

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
ReVirt: enabling intrusion analysis through virtual-machine logging and replay

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Fast and automated generation of attack signatures: a basis for building self-protecting servers

Proceedings of the 12th ACM conference on Computer and communications security
On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits

Proceedings of the 12th ACM conference on Computer and communications security
PacketScore: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks

IEEE Transactions on Dependable and Secure Computing
A monitoring system for detecting repeated packets with applications to computer worms

International Journal of Information Security
Design and Analysis of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID Environments

ANSS '06 Proceedings of the 39th annual Symposium on Simulation
Fireflies: scalable support for intrusion-tolerant network overlays

Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Worm-IT - A wormhole-based intrusion-tolerant group communication system

Journal of Systems and Software
Intrusion detection aware component-based systems: A specification-based framework

Journal of Systems and Software
Surviving internet catastrophes

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Secure, Resilient Computing Clusters: Self-Cleansing Intrusion Tolerance with Hardware Enforced Security (SCIT/HES)

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Collapsar: a VM-based architecture for network attack detention center

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
BAR Gossip

OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Building intrusion pattern miner for Snort network intrusion detection system

Journal of Systems and Software
Intrusion detection and tolerance: A global scheme

International Journal of Communication Systems
SecureStream: An intrusion-tolerant protocol for live-streaming dissemination

Computer Communications
Analyzing worms and network traffic using compression

Journal of Computer Security
Towards the automatic generation of mobile agents for distributed intrusion detection system

Journal of Systems and Software
Learning unknown attacks - a start

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Hybrid modeling for large-scale worm propagation simulations

ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Polymorphic worm detection using structural information of executables

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Today's security communities face a daunting challenges - how to protect the Internet from new, unknown zero day worms. Due to their innovation, these worms are hard to be stopped by traditional security mechanisms. Therefore, instead of trying to prevent the intrusion of every such a thread, this paper proposes a new system architecture, named Virtual Machine based Intrusion Tolerance Network (VMITN), which will tolerate the new worm attack until administrators remove the vulnerability leveraged by the worm. The VMITN adopts a rough-set based recognition mechanism to detect zero day worms and a virtual machine based overlay network to mitigate attacks. We have implemented a concept proof prototype system and use NS-2 simulations to study the performance of the VMITN in a large scale network. The behavior of the famous Witty worm is simulated within the NS-2 module and the simulations result showed that our VMITN architecture can provide the reliability and survivability under severe worm attacks.