Abstract
This paper presents an approach to the intrusion detection problem applied to CORBA-type distributed environments. The approach is based on measuring the deviation from reference client behaviors towards the CORBA servant objects to be protected. We consider a client behavior to be the sequence of requests invoked between each client-server pair during each connection of the observed client. During a training period, we construct a client behavior model based on a tree representation with variable-length branches. This model takes into account both the series of invoked requests and their parameter values. To make our approach more flexible, we construct, at the end of the training period, a tolerance interval for each numerical parameter. These intervals allow the deviation between observed and learned values to be measured. This article presents our preliminary results and introduces our future work.
This work is partly funded by The France Telecom R&D Center. We would especially like to thank Anne Lille, Eric Malville, and Michel Milhau for many interesting discussions.
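The model outlined in the abstract can be sketched as follows; this is an added example, not the authors' code. It assumes one numeric parameter per request, constructed request names and sessions, and a tolerance interval defined as the learned min/max widened by a 10% margin, since the abstract does not state how the intervals are built.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    children: dict = field(default_factory=dict)  # request name -> Node
    seen: list = field(default_factory=list)      # parameter values seen in training
    interval: tuple = (0.0, 0.0)                  # tolerance interval, set by finalize()

class BehaviorModel:
    def __init__(self, margin=0.1):
        self.root, self.margin = Node(), margin

    def train(self, session):
        """Add one connection's request sequence as a branch of the tree."""
        node = self.root
        for request, value in session:
            node = node.children.setdefault(request, Node())
            node.seen.append(value)

    def finalize(self):
        """End of training: derive one tolerance interval per tree node."""
        stack = list(self.root.children.values())
        while stack:
            node = stack.pop()
            lo, hi = min(node.seen), max(node.seen)
            slack = self.margin * ((hi - lo) or abs(hi) or 1.0)  # assumed rule
            node.interval = (lo - slack, hi + slack)
            stack.extend(node.children.values())

    def check(self, session):
        """Return (position, request, kind, deviation) for each anomaly."""
        alerts, node = [], self.root
        for pos, (request, value) in enumerate(session):
            nxt = node.children.get(request)
            if nxt is None:  # branch never observed during training
                alerts.append((pos, request, "unknown-sequence", None))
                break
            lo, hi = nxt.interval
            if not lo <= value <= hi:  # deviation = distance outside the interval
                alerts.append((pos, request, "parameter", max(lo - value, value - hi)))
            node = nxt
        return alerts

def build_demo_model():
    """Train on constructed sessions of (request, numeric parameter) pairs."""
    model = BehaviorModel()
    model.train([("login", 1), ("get_balance", 1), ("withdraw", 50.0)])
    model.train([("login", 1), ("get_balance", 1), ("withdraw", 120.0), ("logout", 0)])
    model.train([("login", 1), ("deposit", 200.0), ("logout", 0)])
    model.finalize()
    return model
```

A withdrawal slightly above the largest learned value passes because of the margin, while a far larger one is reported together with its distance from the interval.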
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Marrakchi, Z., Mé, L., Vivinis, B., Morin, B. (2000). Flexible Intrusion Detection Using Variable-Length Behavior Modeling in Distributed Environment: Application to CORBA Objects. In: Debar, H., Mé, L., Wu, S.F. (eds) Recent Advances in Intrusion Detection. RAID 2000. Lecture Notes in Computer Science, vol 1907. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39945-3_9
DOI: https://doi.org/10.1007/3-540-39945-3_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41085-0
Online ISBN: 978-3-540-39945-2
eBook Packages: Springer Book Archive