We introduce a new approach for detecting security attacks on software systems by monitoring the system's performance signatures. We propose an architecture for security intrusion detection that uses off-the-shelf security monitoring tools together with performance signatures. Our approach relies on the assumption that the performance signature of the well-behaved system can be measured and that the performance signatures of several types of attacks can be identified. This assumption has been validated for operations support systems that are used to monitor large infrastructures and receive aggregated traffic that is periodic in nature. Examples of such infrastructures include telecommunications systems, transportation systems and power generation systems. In addition, significant deviation from the well-behaved system's performance signature can be used to trigger alerts about new types of security attacks. We used a custom performance benchmark and five types of security attacks to derive performance signatures for the normal mode of operation and the security attack mode of operation. We observed that one of the types of security attacks went undetected by the off-the-shelf security monitoring tools but was detected by our approach of monitoring performance signatures. We conclude that an architecture for security intrusion detection can be effectively complemented by monitoring of performance signatures.