Quality-of-protection (QoP) - An online monitoring and self-protection mechanism

IEEE Journal on Selected Areas in Communications

Volumn 23, Issue 10, 2005, Pages 1983-1993

  Hariri, Salim ^a,b,c,e   Qu, Guangzhi ^b   Modukuri, Ramkishore ^c,f   Chen, Huoping ^b   Yousif, Mazin ^a,d  

^a IEEE   (United States)

^b UNIVERSITY OF ARIZONA   (United States)

^c University of Arizona   (United States)

^d INTEL CORPORATION   (United States)

^e Center for Advanced TeleSysMatics (CAT)   (United States)

^f EBAY INC   (United States)

Author keywords

Abnormality distance (AD); Network attack; Proactive defense; Quality of protection (QoP)

Indexed keywords

ABNORMALITY DISTANCE; NETWORK ATTACK; ONLINE MONITORING; PROACTIVE DEFENSE; QUALITY OF PROTECTION (QOP);

INFORMATION SERVICES; INTERNET; NETWORK PROTOCOLS; ONLINE SYSTEMS; TELECOMMUNICATION TRAFFIC;

QUALITY OF SERVICE;

EID: 27644564187     PISSN: 07338716     EISSN: None     Source Type: Journal    
DOI: 10.1109/JSAC.2005.854122     Document Type: Article

References (59)

1. R. Albert, H. Jeong, and A. László Barabási, "The Internet's Achilles' Heel: Error and Attack Tolerance of Complex Networks," Nature, pp. 406:378-382, 2000.
2. D. Anderson, T. Frivold, and A. Valdes, "Next-generation intrusion detection expert system (NIDES): A summary," Computer Science Laboratory, SRI International, Menlo Park, CA, Tech. Rep. SRI-CSL-95-07, 1995.
3. S. M. Bellovin, "ICMP Traceback Message," Internet Draft, draft-bellovin-itrace-00.txt, 2000.
4. S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, and W. Weiss, "Anarchitecture for differentiated services," IETF, RFC 2475, 1998.
5. C. Boeckman. (2000) Getting closer to policy-based intrusion detection. [Online]. Available: http://www.chipublishing.com/isb/backissues/ISB_2000/ ISB0504/ISB0504CB.pdf
6. M. Botha et al., The Utilization of Artificial Intelligence in a Hybrid Intrusion Detection System. Port Elizabeth: South Africa Inst. Comput. Scientists Inf. Technol., 2002, pp. 149-155.
7. R. Braden, D. Clark, and S. Shenker, "Integrated services in the Internet architecture: An overview," IETF, RFC 1633, 1994.
8. A. Brox. (2002) Signature based or anomaly based intrusion detection-The practice and pitfalls. [Online], Available: http://www.itsecurity.com/papers/ proseq1.htm
9. C. Ko, G. Fink, and K. Levitt, "Automated detection of vulnerabilities in privileged programs by execution monitoring," in Proc. 10th Annu. Conf. Comput. Security Applicat., 1994, pp. 134-144.
10. S. Cowley and M. Williams. (2003) Slammer slugs Internet, down but not out. [Online]. Available: http://www.infoworld.com/article/ 03/01/25/ 030125hnsqlnetupd_1.html
11. M. Crosbie, B. Dole, T. Ellis, I. Krsul, and E. Spafford, "IDIOT - Users guide," COAST Lab., Purdue Univ., West Lafayette, IN, Tech. Rep. TR-96-050, 1996.
12. D. Dittrich. Distributed denial of service (DDoS) attacks/tools page. [Online]. Available: http://staff.washington.edu/dittrich/ddos/
13. X. Dong et al., "Autonomia: An autonomic computing environment," in Proc. Int. Conf. Comput. Commun., Apr. 2003, pp. 61-68.
14. E. Lemonnier, "Protocol Anaomoly Detection in Network Based IDSs," Defcom, 2001.
15. J. Farshchi. (2003) Statistical-Based Intrusion Detection. [Online]. Available: http://www.securityfocus.com/infocus/1686
16. P. Ferguson and D. Senie, "Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing," IETF, RFC 2267, 1998.
17. S. Gaudin. (2003) 2003 Worst Year Ever for Viruses, Worms. [Online]. Available: http://www.internetnews.eom/infra/article.php/3 292 461
18. T. M. Gil and M. Poletter, "MULTOPS: A data-structure for bandwidth attack detection," in Proc. USENIX Security Symp., Aug. 2001.
19. S. Hariri, C. S. Raghavendra, Y. Kim, M. Djunaedi, R. P. Nellipudi, A. Rajagopalan, P. Vadlamani, and Y. Zhang, Proc. CATALINA: A Smart Applicat. Contr. Manage. Active Middleware Serv. Conf., Pittsburg, PA, 2000, pp. 43-55.
20. S. Hariri, G. Qu, T. Dharmagadda, and R. Modukuri, "Impact analysis of faults and attacks in large-scale networks," IEEE Security and Privacy, vol. 1, no. 5, pp. 49-54, Sep./Oct. 2003.
21. J. Hochberg et al., "Nadir: An automated system for detecting network intrusion and misuse," Comput. Security, vol. 12, no. 3, pp. 235-248, 1993.
22. Y. T. Hou, Y. Dong, and Z. Zhang. (2003) Network performance measurement and analysis - Part 1 : A server-based measurement infrastructure. [Online]. Available: http://citeseer.nj.nec.com/249 251.html
23. S. Howard. (2001) Stick and network signature based intrusion detection. [Online]. Available: http://www.sans.org/rr/threats/stick.php
24. J. Ioannidis and S. M. Bellovin, "Implementing pushback: Router-based defense against DDoS attacks," in Proc. NDSS, San Diego, CA, Feb. 2002.
25. S. Jha, R. Linger, T. Longstaff, and J. Wing, "Survivability analysis of network specifications," in Proc. Workshop Dependability Despite Malicious Faults, 2000, pp. 613-622.
26. J. Jin and J. Shi, "Automatic feature extraction of waveform signals for in-process diagnostic performance improvement," J. Intell. Manuf, vol. 12, pp. 257-268, 2001.
27. B. Khargharia et al., "VGrid: A framework for building autonomic applications," in Proc. Int. Workshop Challenges Large Applicat. Distrib. Environ., Jun. 2003, pp. 19-26.
28. T. Killalea, "Recommended Internet service provider security services and procedures," IETF, RFC 3013, 2000.
29. K. Ilgun, A. R. Kemmerer, and A. P. Porras, "State transition analysis: A rule-based intrusion detection approach," IEEE Trans. Softw. Eng., vol. 21, no. 3, pp. 181-199, Mar. 1995.
30. T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, C. Jalali, P. G. Neumann, H. S. Javitz, A. Valdes, and T. D. Garvey, "A real time intrusion detection expert system (IDES)," SRI Int., Menlo Park, CA, 1992.
31. A. Mankin, F. Baker, R. Braden, M. O'Dell, A. Romanow, A. Weinrib, and L. Zhang, "Resource reservation protocol (RSVP) version 1, applicability statement," IETF, RFC 2208, 1997.
32. (2003) Slammer Worm. Matrix. [Online]. Available: http://www. matrixnetsystems.com/ea/2003/20 030 130.jsp
33. R. Manajan et al., "Controlling high bandwidth aggregates in the network," in ACM SIGCOMM Comput. Commun. Revi., Jul. 2002, 32(3).
34. D. C. Montgomery, Design and Analysis of Experiments, 5th ed. New York: Wiley, 2000.
35. D. Moore, G. Voelker, and S. Savage, "Inferring Internet denial of service activity," in Proc. USENIX Security Symp., Aug. 2001.
36. McAfee Security. (2004). McAfee virusscan real-time virus protection. [Online]. Available: http://us.mcafee.com/root/package.asp?pkgid=100&cid= 9052
37. L. Nistor. (2002) Rules definition for anomaly based intrusion detection. [Online]. Available: http://www.security-gurus.de/papers/ anomaly_rules_def.pdf
38. G. Qu, S. Hariri, X. Zhu, J. Jin, and Y. Mazin, "Multivariate statistical online analysis for self protection against network attacks," in Proc. 3rd ACS/IEEE Int. Conf. Comput. Syst. Applicat., 2005, page(s):93.
39. G. Qu, S. Hariri, and Y. Mazin, "A new dependency and correlation analysis for features," in IEEE Trans. Knowl. Data Eng., Special Issue on Intelligent Data Preparation, Sep. 2005, pp. 1199-1207.
40. "Threat and Vulnerability Model for Information Security," Report to the President's Commission on critical infrastructure protection, 1997.
41. C. Sample and I. Poynter, "Quantifying vulnerabilities in the networked environment: Methods and uses," in Proc. TISC2000/S9, 2000.
42. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical network support for IP traceback," in Proc. ACM SIGCOMM, Aug. 2000, pp. 295-306.
43. B. Schneier, Attack Trees: Dr. Dobb's Journal, 1999.
44. R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, and S. Zhou, "Specification-based anomaly detection: A new approach for detecting network intrusions," in Proc. 9th ACM Conf. Comput. Commun. Security, 2002, pp. 265-274.
45. E. S. Smaha and J. Winslow, "Misuse detection tools," Comput. Security J., pp. 39-49, Spring 1994.
46. D. Song and A. Perrig, "Advanced and authenticated marking schemes for IP traceback," in Proc. ACM SIGCOMM, Mar. 2001.
47. R. Stone, "CenterTrack: An IP overlay network for tracking DoS floods," in Proc. 9th USENIX Security Symp., Denver, CO, Aug. 2000, pp.199-212.
48. Sophos. (2004) Sophos - Anti-virus and anti-spam for business. [Online]. Available: http://www.sophos.com/
49. A. C. Snoren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer, "Hash-based IP traceback," in Proc. ACM SIGCOMM, Mar. 2001, pp. 3-14.
50. L. P. Swiler, C. Phillips, and T. Gaylor, "A Graph-Based Network-Vulnerability Analysis System," Sandia Rep. SAND97-3010/1, Sandia Nat. Lab., vol. 31, pp. 517-527, 1998.
51. (2004) Talisker Network Intrusion Prevention Systems. [Online]. Available: http://www.securitywizardry.com/inline.htm
52. B. Tjaden et al., (2004) INBOUNDS: The integrated network-based Ohio University network detective service. [Online]. Available: http://www.mts.jhu. edu/~marchette/ID04/Papers/SCI2000.pdf
53. H. Wang, D. Zhang, and K. G. Shin, "Detecting SYN flooding attacks," in Proc. IEEE INFOCOM, New York, Jun. 2002, pp. 1530-1539.
54. DoS attack. [Online]. Available: http://www.webopedia.com/TERM/ D/DoS_attack.html
55. D. Yau, J. Liu, and F. Liang, "Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles," in Proc. IWQoS, Miami Beach, FL, May 2002, pp. 35-44.
56. 2 multivariate profiling for anomaly detection," in Proc. IEEE Syst., Man, Cybern. Inf. Assur. Security Workshop, West Point, NY, Jun. 2000, pp. 180-186.
57. N. Ye and Q. Chen, "An anomaly detection technique based on a chisquare statistic for detecting intrusions into information systems," Qual. Reliab. Eng. J., vol. 17, pp. 105-112, 2001.
58. D. Zamboni et al., "An architecture for intrusion detection using autonomous agents," COAST Lab., Purdue Univ., West Lafayette, IN, Tech. Rep. 98/05, IN 47907-1398, 1998.
59. H. Zhu, M. Parashar, J. Yang, Z. Zhang, S. Rao, and S. Hariri, "Self-adapting, self-optimizing runtime management of grid applications using pragma," in Proc. IEEE/ACM Int. Parallel Distrib. Process. Symp., NSF Next Generation Syst. Prog. Workshop, Apr. 2003, page(s):7