
A Semi-Autonomic Framework for Intrusion Tolerance in Heterogeneous Networks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 5343)

Abstract

A suitable strategy for network intrusion tolerance—detecting intrusions and remedying them—depends on aspects of the domain being protected, such as the kinds of intrusion faced, the resources available for monitoring and remediation, and the level at which automated remediation can be carried out. The decision to remediate autonomically will have to consider the relative costs of performing a potentially disruptive remedy in the wrong circumstances and leaving it up to a slow, but more accurate, human operator. Autonomic remediation also needs to be withdrawn at some point – a phase of recovery to the normal network state.

In this paper, we present a framework for deploying domain-adaptable intrusion-tolerance strategies in heterogeneous networks. Functionality is divided into that which is fixed by the domain and that which should adapt, in order to cope with heterogeneity. The interactions between detection and remediation are considered in order to make a stable recovery decision. We also present a model for combining diverse sources of monitoring to improve accurate decision making, an important pre-requisite to automated remediation.




Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

D’Antonio, S., Romano, S.P., Simpson, S., Smith, P., Hutchison, D. (2008). A Semi-Autonomic Framework for Intrusion Tolerance in Heterogeneous Networks. In: Hummel, K.A., Sterbenz, J.P.G. (eds) Self-Organizing Systems. IWSOS 2008. Lecture Notes in Computer Science, vol 5343. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92157-8_20


  • DOI: https://doi.org/10.1007/978-3-540-92157-8_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-92156-1

  • Online ISBN: 978-3-540-92157-8

  • eBook Packages: Computer Science (R0)
