System structure for software fault tolerance
Proceedings of the international conference on Reliable software
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
IEEE Security and Privacy
A Stateful Intrusion Detection System for World-Wide Web Servers
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
IEEE Security and Privacy
An intrusion tolerant architecture for dynamic content internet servers
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Learning unknown attacks - a start
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Intrusion-tolerant architectures: concepts and design
Architecting dependable systems
Use of diversity as a defense mechanism
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Guest Editorial: From intrusion detection to self-protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Principled reasoning and practical applications of alert fusion in intrusion detection systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A Study of Malcode-Bearing Documents
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
On the Effectiveness of Software Diversity: A Systematic Study on Real-World Vulnerabilities
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A dependable intrusion detection architecture based on agreement services
SSS'06 Proceedings of the 8th international conference on Stabilization, safety, and security of distributed systems
Safe side effects commitment for OS-level virtualization
Proceedings of the 8th ACM international conference on Autonomic computing
Towards systematic signature testing
TestCom'07/FATES'07 Proceedings of the 19th IFIP TC6/WG6.1 international conference, and 7th international conference on Testing of Software and Communicating Systems
Assessing the trustworthiness of drivers
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Trustworthy placements: Improving quality and resilience in collaborative attack detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
It is commonly accepted that intrusion detection systems (IDS) are required to compensate for the insufficient security mechanisms that are available on computer systems and networks. However, the anomaly-based IDSes that have been proposed in the recent years present some drawbacks, e.g., the necessity to explicitly define a behaviour reference model. In this paper, we propose a new approach to anomaly detection, based on the design diversity, a technique from the dependability field that has been widely ignored in the intrusion detection area. The main advantage is that it provides an implicit, and complete reference model, instead of the explicit model usually required. For practical reasons, we actually use Components-off-the-shelf (COTS) diversity, and discuss on the impact of this choice. We present an architecture using COTS-diversity, and then apply it to web servers. We also provide experimental results that confirm the expected properties of the built IDS, and compare them with other IDSes.