Support for automated passive host-based intrusion response

Authors: Ashish Gehani, Gershon Kedem

Abstract: Vulnerabilities continue to be discovered with high frequency. Threats that exploit them can be recognized by intrusion detectors. Manual response, however, is becoming decreasingly tenable. We introduce a model for automatic real-time mitigation of the risk posed to a host. The model is derived from an extant analysis framework used in the information assurance community, applying it to the operating system paradigm. We describe the runtime support needed to implement the scheme. SADDLE provides an auditing architecture that allows high-fidelity detection with limited computational load and storage requirements. ARM modifies the reference monitor to dynamically constrain permissions, controlling the probability of exposing threatened resources. RICE allows guarantees to be made about the confidentiality, integrity and availability of data after a penetration occurs. NOSCAM is a service for pro-active gathering of forensic evidence for use in a postmortem of an attack. These systems are combined through a prototype response engine, RheoStat, whose utility is demonstrated using a set of synthetic attacks.
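The abstract's description of ARM, a reference monitor whose permission checks are tightened as the estimated threat to a resource rises, can be made concrete with a small model. The following is an added illustration written for this page, not code from the dissertation or from RheoStat: it assumes a risk model of the form likelihood times exposure cost (a common information-assurance framing, not necessarily the one the dissertation uses), a per-resource risk budget, and a stand-in for the intrusion detector that supplies threat likelihoods. All resource names, costs, weights and alert lines are constructed for the example.

```python
"""Toy risk-gated reference monitor (illustration only; not the ARM design).

Assumed model: risk(resource, op) = threat_likelihood * exposure_cost * op_weight.
A request passes the static policy first, then is denied dynamically if the
risk it would incur exceeds the monitor's budget.  Likelihoods come from a
stand-in detector; here they are fed from constructed alert lines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


@dataclass
class Resource:
    name: str
    exposure_cost: float            # consequence of compromise (assumed 0..10 scale)
    threat_likelihood: float = 0.0  # detector's current belief that the resource is targeted


@dataclass
class ReferenceMonitor:
    risk_budget: float
    resources: Dict[str, Resource] = field(default_factory=dict)
    policy: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)
    # Assumed weights: how much each operation exposes a resource to a hostile subject.
    op_weight: Dict[str, float] = field(
        default_factory=lambda: {"read": 0.5, "write": 1.0, "exec": 1.0})

    def register(self, res: Resource) -> None:
        self.resources[res.name] = res

    def grant(self, subject: str, resource: str, *ops: str) -> None:
        """Static (baseline) permission: what the subject may do when no threat is present."""
        self.policy.setdefault((subject, resource), set()).update(ops)

    def update_threat(self, resource: str, likelihood: float) -> None:
        """Called by the detector as its belief about an active attack changes."""
        self.resources[resource].threat_likelihood = max(0.0, min(1.0, likelihood))

    def risk(self, resource: str, op: str) -> float:
        r = self.resources[resource]
        return r.threat_likelihood * r.exposure_cost * self.op_weight[op]

    def check(self, subject: str, resource: str, op: str) -> bool:
        """Static policy first; then the dynamic constraint: deny if risk > budget."""
        if op not in self.policy.get((subject, resource), set()):
            return False
        return self.risk(resource, op) <= self.risk_budget


# Constructed detector output for the example (not the format of any real tool).
CONSTRUCTED_ALERTS = [
    "alert resource=/etc/shadow likelihood=0.6",
    "alert resource=/tmp/scratch likelihood=0.9",
]
ALERT_RE = re.compile(r"alert resource=(\S+) likelihood=([0-9.]+)")


def apply_alerts(rm: ReferenceMonitor, lines) -> int:
    """Feed detector alerts into the monitor; returns the number applied."""
    applied = 0
    for line in lines:
        m = ALERT_RE.match(line)
        if m and m.group(1) in rm.resources:
            rm.update_threat(m.group(1), float(m.group(2)))
            applied += 1
    return applied


def demo() -> Dict[str, Tuple[bool, ...]]:
    rm = ReferenceMonitor(risk_budget=2.0)
    rm.register(Resource("/etc/shadow", exposure_cost=8.0))
    rm.register(Resource("/tmp/scratch", exposure_cost=1.0))
    rm.grant("www", "/etc/shadow", "read")
    rm.grant("www", "/tmp/scratch", "read", "write")

    out = {}
    # No threat: baseline policy decides; write to /etc/shadow was never granted.
    out["quiet"] = (rm.check("www", "/etc/shadow", "read"),
                    rm.check("www", "/etc/shadow", "write"),
                    rm.check("www", "/tmp/scratch", "write"))
    # Detector raises the threat: the high-cost resource is constrained,
    # the low-cost one stays usable even at high likelihood.
    apply_alerts(rm, CONSTRUCTED_ALERTS)
    out["alert"] = (rm.check("www", "/etc/shadow", "read"),
                    rm.check("www", "/tmp/scratch", "write"))
    # Threat subsides: the permission is restored without a policy change.
    rm.update_threat("/etc/shadow", 0.1)
    out["cleared"] = (rm.check("www", "/etc/shadow", "read"),)
    return out


if __name__ == "__main__":
    for phase, decisions in demo().items():
        print(phase, decisions)
```

The point of the model is the split between the static policy and the dynamic constraint: nothing in the permission matrix changes when an alert arrives, only the monitor's willingness to honour it, so permissions come back automatically once the detector's belief drops. A real implementation would also have to decide what to do with operations already in flight and how to cap the rate at which a noisy detector can flip decisions.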
