COTS diversity based intrusion detection and application to web servers

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3858 LNCS, Issue , 2006, Pages 43-62

  Totel, Eric ^a   Majorczyk, Frédéric ^a   Mé, Ludovic ^a  

^a SUPELEC Campus de Rennes   (France)

Author keywords

Anomaly detection; COTS diversity; Design diversity; Intrusion detection

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTER NETWORKS; COMPUTER SCIENCE; COMPUTER SYSTEMS; SECURITY SYSTEMS; SERVERS; WORLD WIDE WEB;

ANOMALY DETECTION; COMPONENTS-OFF-THE-SHELF (COTS) DIVERSITY; DESIGN DIVERSITY; INTRUSION DETECTION;

COMPUTER CRIME;

EID: 33745650701     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11663812_3     Document Type: Conference Paper

References (22)

1. Shannon, C., Moore, D.: The spread of the witty worm. Security and Privacy 2 (2004)
2. Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the slammer worm. Security and Privacy 1 (2003) 33-39
3. Kantz, H., Veider, A.: Design of a vital platform for railway signalling applications. In: Proceedings of the 10th European Workshop on Dependable Computing (EWDC-10), Vienna, Austria (1999) 37-41
4. Adelsbach, A., Cachin, C., Creese, S., Deswarte, Y., Kursawe, K., Laprie, J.C., Pfitzmann, B., Powell, D., Randell, B., Riodan, J., Stroud, R.J., Veríssimo, P., Waidner, M., Welch, I.: MAFTIA conceptual model and architecture. Maftia deliverable d2, LAAS-CNRS (2001)
5. Valdes, A., Almgren, M., Cheung, S., Deswarte, Y., Dutertre, B., Levy, J., Saïdi, H., Stravidou, V., Uribe, T.E.: An adaptive intrusion-tolerant server architecture. In: Proceedings of the 10th International Workshop on Security Protocols, Cambridge, U.K. (2002)
6. Just, J., Reynolds, J., Clough, L., Danforth, M., Levitt, K., Maglich, R., Rowe, J.: Learning Unknown Attacks - A Start. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland (2002)
7. Veríssimo, P.E., Neves, N.F., Correia, M.P.: Intrusion-tolerant architectures: Concepts and design. In: Architecting Dependable Systems. Volume 2677. (2003)
8. Porras, P.A., Neumann, P.G.: EMERALD: Event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th National Information Systems Security Conference. (1997) 353-365
9. Ko, C., Fink, G., Levitt, K.: Automated detection of vulnerabilities in privileged programs by execution monitoring. In: Proceedings of the 10th Annual Computer Security Applications Conference, IEEE Computer Society Press (1994) 134-144
10. Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA (2001) 144-155
11. Avizienis, A., Kelly, J.P.J.: Fault tolerance by design diversity: Concepts and experiments. IEEE Computer (1984) 67-80
12. Randell, B,: System structure for software fault tolerance. In: Proceedings of the International Conference on Reliable software. (1975) 437-449
13. Laprie, J.C., Arlat, J., Béounes, C., Kanoun, K.: Definition and analysis of hardware-and-software fault-tolerant architectures. IEEE Computer 23 (1990) 39-51
14. Avizienis, A., Chen, L.: On the implementation of n-version programming for sotware fault tolerance during execution. In: Proceedings of the IEEE COMPSAC 77. (1977) 149-155
15. Lyu, M., He, Y.: Improving the N-version programming process through the evolution of a design paradigm. IEEE Transactions on Reliability 42 (1993) 179-189
16. Gashi, I., Popov, P., Stankovic, V., Strigìni, L. In: On Designing Dependable Services with Diverse Off-The-Shelf SQL Servers. Volume 3069 of Lecture Notes in Computer Science. Springer-Verlag (2004) 196-220
17. Wang, R., Wang, F., Byrd, G.T.: Design and implementation of acceptance monitor for building scalable intrusion tolerant system. In: Proceedings of the 10th International Conference on Computer Communications and Networks, Phoenix, Arizona (2001) 200-5
18. Saidane, A., Deswarte, Y., Nicomette, V.: An intrusion tolerant architecture for dynamic content internet servers. In Liu, P., Pal, P., eds.: Proceedings of the 2003 ACM Workshop on Survivable and Self-Regenerative Systems (SSRS-03), Fairfax, VA, ACM Press (2003) 110-114
19. Tombini, E., Debar, H., Mé, L., Ducassé, M.: A serial combination of anomaly and misuse idses applied to http traffic. In: Proceedings of ACSAC'2004. (2004)
20. Debar, H., Tombini, E.: Webanalyzer: Accurate and fast detection of http attack traces in web server logs. In: Proceedings of EICAR, Malta (2005)
21. Vigna, G., Robertson, W., Kher, V., Kemmerer, R.: A stateful intrusion detection system for world-wide web servers. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC 2003), Las Vegas, NV (2003) 34-43
22. Roesch, M.: Snort - lightweight intrusion detection for networks. In: 13th Administration Conference, LISA'99, Seattle, WA (1999)