Experiments on COTS Diversity as an Intrusion Detection and Tolerance Mechanism
Abstract
COTS (Components-Off-The-Shelf) diversity has been proposed by many recent projects to ensure intrusion detection and tolerance. However, using COTS in an N-version architecture presents some drawbacks, especially in intrusion detection, which have consequences on intrusion tolerance. COTS Diversity is prone to raise many false positives (false alerts). In this article, we explain what a COTS Diversity architecture can detect and propose a masking mechanism to reduce the false positive rate. We apply this method to web servers and provide some experimental results that confirm the necessity of this mechanism.
Similar resources
SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services-A Technology Summary
This paper presents an intrusion-tolerant architecture for distributed services, especially COTS servers. It is motivated by two observations: first, no security precautions can guarantee that a system will not be penetrated; second, mission-critical applications need to provide a minimal level of services even under active attacks or when partially compromised. The emphasis of the proposed architecture is...
COTS Diversity Based Intrusion Detection and Application to Web Servers
It is commonly accepted that intrusion detection systems (IDS) are required to compensate for the insufficient security mechanisms that are available on computer systems and networks. However, the anomaly-based IDSes that have been proposed in recent years present some drawbacks, e.g., the necessity to explicitly define a behaviour reference model. In this paper, we propose a new approach t...
Automatic Generation of Novel Intrusion Signatures Using One-Class Classifiers and Inductive Learning Methods
In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in the signature-based Network Intrusion Detection Systems (NIDSs) and for the automation of the process of intrusion detection in these systems. In the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...
Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unit
Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...
File-type Identification with Incomplete Information
File-type Identification (FTI) is an important problem in digital forensics, intrusion detection, and other related fields. Using state-of-the-art classification techniques to solve FTI problems has begun to receive research attention; however, general conclusions have not been reached due to the lack of thorough evaluations for method comparison. This paper presents a systematic investigation o...
Publication date: 2007