Feedback control applied to survivability: A host-based autonomic defense system

IEEE Transactions on Reliability

Volumn 53, Issue 1, 2004, Pages 148-166

  Kreidl, O Patrick ^a   Frazier, Tiffany M ^b  

^a USA   (United States)

^b Alphatech Inc   (United States)

Author keywords

Computer security; Empirical methods; Intrusion tolerance; Markovian processes; Numerical optimization; Sensor uncertainty; Stochastic control; Survivable systems

Indexed keywords

COMPUTER ARCHITECTURE; COMPUTER WORMS; DECISION MAKING; MARKOV PROCESSES; MATHEMATICAL MODELS; OPTIMIZATION; SECURITY OF DATA; STOCHASTIC CONTROL SYSTEMS; UNCERTAIN SYSTEMS;

AUTOMATED INTERNET WORM ATTACK; HOST-BASED AUTONOMIC DEFENSE SYSTEM; LINUX-BASED WEB-SERVER; SENSOR MEASUREMENT;

FEEDBACK CONTROL;

EID: 1942532330     PISSN: 00189529     EISSN: None     Source Type: Journal    
DOI: 10.1109/TR.2004.824833     Document Type: Article

References (40)

1. (2002) CERT/CC Statistics 1988-2001. CERT Coordination Center, PA. [Online]. Available: http://www.cert.org/stats/cert_stats.html
2. J. Howard, "An Analysis of Security Incidents on the Internet 1989-1995," Ph.D., Carnegie Mellon University, Engineering and Public Policy, 1997.
3. J. H. Houle and G. M. Weaver, "Trends in Denial of Service Attack Technology," Carnegie Mellon University, CERT Coordination Center, 2001.
4. M. Deutsch and R. Willis, Software Quality Engineering: A Total Technical and Management Approach. Englewood Cliffs, NJ: Prentice-Hall, 1988.
5. M. Barbacci, M. Klein, T. Longstaff, and C. Weinstock, "Quality Attributes," Carnegie Mellon University, Software Engineering Institute, Pittsburgh, PA, CMU/SEI-95-TR-02, 1995.
6. A. Avizienis, J. Laprie, and B. Randell, "Fundamental concepts of dependability," in Proc. of the Information Systems Survivability Workshop, Boston, MA, 2000, pp. 7-12.
7. J. Lauber, C. Steger, and R. Weiss, "Autonomous agents for online diagnosis of a safety-critical system based on probabilistic causal reasoning," in Proc. of the 4th Int. Sym. on Autonomous Decentralized Systems, Tokyo, Japan, 1999.
8. A. Pouliezos and G. Stavrakakis, Real-Time Fault Monitoring of Industrial Processes. Boston, MA: Kluwar Academic Publishers, 1994.
9. B. Schroeder, K. Schwan, and S. Aggarwal, "Software approach to hazard detection using online analysis of safety constraints," in Proc. of the 16th Int. Sym. on Reliable Distributed Systems, Durham, NC, 1997, pp. 80-87.
10. A. Avizienis, Toward Systematic Design of Fault-Tolerant Systems: IEEE Computer, 1997, pp. 51-58.
11. S. Axelsson, "Intrusion Detection Systems: A Survey and Taxonomy," Chalmers University of Technology, Dept. of Computer Engineering, Sweden, 99-15, 2000.
12. J. Doyle, I. Kohane, W. Long, H. Shrobe, and P. Szolovits, "Event recognition beyond signature and anomaly," in Proc. of the IEEE Workshop on Information Assurance and Security, West Point, New York, 2001, pp. 17-23.
13. U. Lindqvist and P. A. Porras, "eXpert-BSM: A host-based intrusion detection solution for sun solaris," in Proc. 17th Annual Comp. Security Applications Conf., 2001, pp. 240-251.
14. A. Warrender, S. Forrest, and B. Pearlmutter, "Detecting intrusions using system calls: Alternative data models," in Proc. IEEE Sym. on Security and Privacy, 1999, pp. 133-145.
15. S. Elbaum and J. Munson, "Intrusion detection through dynamic software measurement," in Proc. of the Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, 1999, pp. 41-50.
16. J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner, "State of the Practice of Intrusion Detection Technologies," Carnegie Mellon University, Software Engineering Institute, Pittsburgh, PA, CMU/SEI-99-TR-028, 1999.
17. R. P. Lippmann et al., "Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation," in Proc. of the DARPA Information Survivability Conference and Exposition: DISCEX-2000, vol. 2, Hilton Head Island, SC, January 2000.
18. B. Bertsekas, Dynamic Programming and Optimal Control. Belmont, MA: Athena Scientific, 1996, vol. I.
19. M. Athans and P. Falb, Optimal Control. New York, NY: McGraw-Hill, 1966.
20. H. Van Trees, Detection, Estimation and Modulation Theory Part I. New York, NY: John Wiley and Sons, 1968.
21. J. Egan, Signal Detection Theory and ROC Analysis, NY: Academic Press, 1975.
22. J. Tsitsiklis, "Decentralized detection," Advances in Statistical Signal Processing, vol. 2, pp. 297-344, 1993.
23. A. Gelb, J. Kasper, R. Nash, C. Price, and A. Sutherland, Applied Optimal Estimation. Cambridge, MA: MIT Press, 1974.
24. K. Shanmugan and A. Breipohl, Random Signals: Detection, Estimation and Data Analysis. New York, NY: John Wiley & Sons, 1988.
25. M. Putterman, Markov Decision Processes. New York, NY: John Wiley & Sons, 1994.
26. W. Lovejoy, "A survey of algorithmic methods for partially observable Markov decision processes," Annals of Operations Research, vol. 28, pp. 47-66, 1991.
27. C. Fernandez-Gaucherand, A. Arapostathis, and S. Marcus, "On the average cost optimality equation and the structure of optimal policies for partially observable Markov decision processes," Annals of Operations Research, vol. 29, pp. 471-512, 1991.
28. B. Papadimitiou and J. Tsitsiklis, "The complexity of Markov decision processes," Math. Operations Research, vol. 12, pp. 441-450, 1987.
29. R. Gallager, Discrete Stochastic Processes. Boston, MA: Kluwar Academic, 1996.
30. C. Fernandez-Gaucherand and S. Marcus, "Risk-sensitive optimal control of hidden Markov models: Structural results," IEEE Trans. on Automatic Control, vol. 42, pp. 1418-1422, 1997.
31. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo, "Testing and evaluating computer intrusion detection systems," Comm. of the ACM, vol. 42, no. 7, pp. 53-61, 1999.
32. R. Maxion and K. Tan, "Benchmarking anomaly-based detection systems," in Proc. of the Inter. Conf. on Dependable Systems and Networks, New York, NY, 2000, pp. 623-630.
33. S. Axelsson, "The base-rate fallacy and its implications for the difficulty of intrusion detection," in Proc. of the 6th Conf. on Computer and Communications Security, Singapore, 1999, pp. 1-7.
34. N. Ye, S. Emran, X. Li, and Q. Chen, "Statistical process control for computer intrusion detection," in Proc. of the DARPA Information Survivability Conf. & Expo.: DISCEX 2001, vol. I, Anaheim, CA, 2001, pp. 3-14.
35. N. Ye, J. Giordano, and J. Feldman, "CACS-A process control approach to cyber attack detection," Communications of the ACM, vol. 44, no. 8, pp. 76-82, 2001.
36. M. Cramer, J. Cannady, and J. Harrell, "New methods of intrusion detection using control-loop measurement," in 4th Technology for Information Security Conf., Houston, TX, 1996.
37. C. Musliner, M. Pelican, W. Heimerdinger, R. Goldman, D. O'Brien, and D. Apostal, "Automatically synthesizing computer security control systems," in 13th Annual Conference on Computer Security Incident Handling, Toulouse, France, 2001.
38. A. Briney, 2001 Information Security Industry Survey: Information Security Magazine, 2001, pp. 34-47.
39. CERT Incident Note IN-2001-01, Widespread Compromises via "Ramen" Toolkit [Online]. Available: http://www.cert.org/incident_notes/IN-2001-01.html
40. Software Systems International [Online]. Available: http://www.soft-sysint.com