On-Line Intrusion Detection and Attack Prevention Using Diversity, Generate-and-Test, and Generalization

Authors:
James C. Reynolds;James Just;Larry Clough;Ryan Maglich
Affiliations:
-;-;-;-
Venue:
HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Year:
2003

Citing 0
Cited 13

A holistic approach to service survivability

Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Fast and automated generation of attack signatures: a basis for building self-protecting servers

Proceedings of the 12th ACM conference on Computer and communications security
Use of diversity as a defense mechanism

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Speculative virtual verification: policy-constrained speculative execution

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Automatic synthesis of filters to discard buffer overflow attacks: a step towards realizing self-healing systems

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Detecting targeted attacks using shadow honeypots

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A Study of Malcode-Bearing Documents

DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
LIDF: Layered intrusion detection framework for ad-hoc networks

Ad Hoc Networks
Fast and Black-box Exploit Detection and Signature Generation for Commodity Software

ACM Transactions on Information and System Security (TISSEC)
Application communities: using monoculture for dependability

HotDep'05 Proceedings of the First conference on Hot topics in system dependability
A self-healing mechanism for an intrusion tolerance system

TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
FLIPS: hybrid adaptive intrusion prevention

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
A Systematic Survey of Self-Protecting Software Systems

ACM Transactions on Autonomous and Adaptive Systems (TAAS) - Special Section on Best Papers from SEAMS 2012

Quantified Score

Hi-index	0.00

Visualization

Abstract

We have built a system for protecting Internet services to securely connected, known users. It implements a generate-and-test approach for on-line attack identification and uses similarity rules for generalization of attack signatures. We can immediately protect the system from many variants of previously unknown attacks without debilitating waits for anti-virus updates or software patches. Unique to our approach is the use of diverse process pairs not only for isolation benefits but also for detection. The architecture uses the comparison of outputs from diverse applications to provide a significant and novel intrusion detection capability. With this technique, we gain the benefits of n-version programming without its controversial disadvantages. The isolation of intrusions is mainly achieved with an out-of-band control system that separates the primary and backup system. It also initiates attack diagnosis and blocking, and recovery, which is accelerated by continual repair.