Automated adaptive intrusion containment in systems of interacting services

Yu-Sung Wu, Bingrui Foo, Yu Chun Mao, Saurabh Bagchi*, Eugene H. Spafford

*Corresponding author for this work

Research output: Article, peer-reviewed

37 Citations (Scopus)


Large-scale distributed systems typically have interactions among different services that create an avenue for propagation of a failure from one service to another. The failures being considered may be the result of natural failures or malicious activity, collectively called disruptions. To make these systems tolerant to failures, it is necessary to contain the spread of the occurrence automatically once it is detected. The objective is to allow certain parts of the system to continue to provide partial functionality in the face of failures. Real-world situations impose several constraints on the design of such a disruption-tolerant system, of which we consider the following: the alarms may have type I or type II errors; it may not be possible to change the service itself even though the interaction may be changed; attacks may use steps that are not anticipated a priori; and there may be bursts of concurrent alarms. We present the design and implementation of a system named Adepts as the realization of such a disruption-tolerant system. Adepts uses a directed graph representation to model the spread of the failure through the system, presents algorithms for determining appropriate responses and monitoring their effectiveness, and quantifies the effect of disruptions through a high-level survivability metric. Adepts is demonstrated on a real e-commerce testbed with actual attack patterns injected into it.

Pages (from-to): 1334-1360
Journal: Computer Networks
Publication status: Published - 11 April 2007
