Skip to main content
SpringerLink
Log in

Flexible Intrusion Detection Using Variable-Length Behavior Modeling in Distributed Environment: Application to CORBA Objects

  • Conference paper
  • First Online:
Recent Advances in Intrusion Detection (RAID 2000)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1907))

Included in the following conference series:

Abstract

This paper presents an approach of the intrusion detection problem applied to CORBA-type distributed environments. The approach is based on the measure of deviation from client reference behaviors towards the CORBA servant objects to be protected. We consider a client behavior as a sequence of invoked requests between each couple of client-server, during each connection of the observed client. We construct, during a training period, a client behavior model based on variable-length branches tree representation. This model both takes into account the series of invoked requests and their parameter values. To make our approach more flexible, we construct, at the end of the training period, a tolerance interval for each numerical parameter. These intervals allow deviation between observed and learned values to be measured. This article presents our preliminary results and introduces our future works.

This work is partly funded by The France Telecom R&D Center. We would like to thank especially Anne Lille, Eric Malville, and Michel Milhau for many interesting discussions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. H. Debar, M. Dacier, M. Nassehi, and A. Wespi. Fixed vs. variable-length patterns for detecting suspicious process. In J. J. Quisquater, Y. Deswarte, C. Meadows, and D. Gollmann, (editors), Proceedings of the 998 ESORICS Conference, number 1485 in LNCS, pages 1–16, september 1998.

    Google Scholar 

  2. Inprise. Programmer’s guide, visibroker for java (v3.3). http://www.inprise.com/, 1998.

  3. M. Stillman M. Stillman, C. Marceau. Intrusion detection for distributed applications. Communications of the ACM, 42(7):62–69, July 1999.

    Google Scholar 

  4. OMG. Corba services: Common object services specification. http://www.omg.org/, december 1998.

  5. OMG. Corba/iiop specification (v2.3.1). http://www.omg.org/, June 1999.

Download references

Author information

Authors and Affiliations

  1. Supélec, Cesson-Sevigne, France

    Zakia Marrakchi, Ludovic Mé, Bernard Vivinis & Benjamin Morin

Authors
  1. Zakia Marrakchi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ludovic Mé
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bernard Vivinis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Benjamin Morin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. France Télécom R & D, 42 Rue des Coutoures, 14000, Caen, France

    Hervé Debar

  2. SUPELEC, BP 28, 35511, Cesson Sevigne Cedex, France

    Ludovic Mé

  3. Department of Computer Science, 2063 Engineering II, University of California at Davis, One Shields Avenue, Davis, CA, 95616-8562, USA

    S. Felix Wu

Rights and permissions

Reprints and permissions

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Marrakchi, Z., Mé, L., Vivinis, B., Morin, B. (2000). Flexible Intrusion Detection Using Variable-Length Behavior Modeling in Distributed Environment: Application to CORBA Objects. In: Debar, H., Mé, L., Wu, S.F. (eds) Recent Advances in Intrusion Detection. RAID 2000. Lecture Notes in Computer Science, vol 1907. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39945-3_9

Download citation

  • DOI: https://doi.org/10.1007/3-540-39945-3_9

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41085-0

  • Online ISBN: 978-3-540-39945-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation