ADEPTS: Adaptive Intrusion Containment in Distributed Service Environments
Bingrui Foo, Yu-Sung Wu, Saurabh Bagchi, Gene Spafford, and Blake Matheny
Tech report number
CERIAS TR 2005-01
Distributed systems with multiple interacting services, such as distributed e-commerce systems, are suitable targets for malicious attacks because of the potential financial impact. Intrusion detection in such systems has been an active area of research, while the problem of containment has received relatively less attention. Containment seeks to localize the effect of the intrusion to some parts of the system while allowing the other parts to continue to provide service. In this paper, we present the design and implementation of an Adaptive Intrusion Tolerant System, ADEPTS, for automatically containing intrusions in a distributed system. ADEPTS uses a directed acyclic graph of intrusion goals, called I-DAG, and a graph of service interactions, called SNet, as the underlying representations in the system. The containment action in ADEPTS initially has the goal of preventing the spread of the intrusion by modifying its path of escalation in the I-DAG. Failing that, it adopts a more drastic response of modifying the interactions of the services in the SNet. There is also a feedback mechanism that captures the effectiveness of a deployed response and uses it in guiding future choices. ADEPTS is demonstrated on a distributed e-commerce system and evaluated using a survivability metric whose value depends on the operational services in the face of an intrusion.
2004 – 12
automated intrusion response, intrusion containment, e-commerce system, survivability, distributed services
Automated intrusion response