Global intrusion detection and tolerance in networked systems
Source: Symposium on Applied Computing
Proceedings of the 2007 ACM Symposium on Applied Computing
Seoul, Korea
SESSION: Computer forensics
Pages: 188 - 189  
Year of Publication: 2007
ISBN:1-59593-480-4
Authors
Amel Meddeb  University of Carthage, Tunisia
Yacine Djemaiel  University of Carthage, Tunisia
Noureddine Boudriga  University of Carthage, Tunisia
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 54,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1244002.1244051

ABSTRACT

This paper presents an architecture for a Global Intrusion Detection and Tolerance System (GIDTS) that provides functions such as global detection, global correlation, and intrusion tolerance. The cooperation proposed by the GIDTS solution allows the detection of complex attacks at their early stages. This cooperation is based on the output of several detection components located at different levels (wired network, wireless network, host, and disk). In addition, the major detection and tolerance capabilities are protected against intruders' attempts, since they are performed by compromise-independent components located at the disk level. The GIDTS components implement different functions based on formal models proposed in this paper, including, in particular, alert correlation, storage request, and tolerance strategy models. To enhance detection and tolerance capabilities, each GIDTS is assumed to cooperate with other GIDTSs via a neighbor identification protocol. To illustrate GIDTS behavior, we propose an environment that integrates the flight management system, which represents a distributed application.

