Global intrusion detection and tolerance in networked systems

  • Authors: Amel Meddeb; Yacine Djemaiel; Noureddine Boudriga

  • Affiliations: University of Carthage, Tunisia; University of Carthage, Tunisia; University of Carthage, Tunisia

  • Venue: Proceedings of the 2007 ACM symposium on Applied computing

  • Year: 2007

Abstract

This paper presents an architecture for a Global Intrusion Detection and Tolerance System (GIDTS) that covers functions such as global detection, global correlation, and intrusion tolerance. The cooperation proposed by the GIDTS solution allows complex attacks to be detected at their early stages. This cooperation is based on the output of several detection components located at different levels (wired network, wireless network, host, and disk). In addition, the major detection and tolerance capabilities are protected against intruders' attempts, since they are performed by compromise-independent components located at the disk level. The GIDTS components implement different functions based on formal models proposed in this paper, including, in particular, alert correlation, storage request, and tolerance strategy models. To enhance detection and tolerance capabilities, each GIDTS is assumed to cooperate with any other GIDTS via a neighbor identification protocol. To illustrate GIDTS behavior, we propose an environment that integrates the flight management system, which represents a distributed application.