We present SABER (Survivability Architecture: Block, Evade, React), a proposed survivability architecture that blocks, evades and reacts to a variety of attacks by using several security and survivability mechanisms in an automated and coordinated fashion. Contrary to the ad hoc manner in which contemporary survivable systems are built (using isolated, independent security mechanisms such as firewalls, intrusion detection systems and software sandboxes), SABER integrates several different technologies in an attempt to provide a unified framework for responding to the wide range of attacks malicious insiders and outsiders can launch. This coordinated multi-layer approach will be capable of defending against attacks targeted at various levels of the network stack, such as congestion-based DoS attacks, software-based DoS or code-injection attacks, and others. Our fundamental insight is that while multiple lines of defense are useful, most conventional, uncoordinated approaches fail to exploit the full range of available responses to incidents. By coordinating the response, the ability to survive successful security breaches increases substantially. We discuss the key components of SABER, how they will be integrated, and how we can leverage the promising results of the individual components to improve survivability in a variety of coordinated attack scenarios. SABER is currently in the prototyping stages, with several interesting open research topics.